3Com 4500 fails Radius logins

 
Jose Raposo
Occasional Contributor


Hi

 

I'm testing the Radius authentication on a 4500G switch and I need a little help here.

The Radius server is a Microsoft NPS, which already authenticates wifi access with wx1200 clients.
After enabling dot1x on the switch, the management login is authenticated on the Radius, so I created a user on AD.
When I log in on the switch with that user, I have (on the Radius side) Connect Request:IAS_SUCCESS - the user is validated on AD.
However, on the switch side I have this:
2000 4500G %%10SHELL/4/LOGOUT(t): Trap 1.3.6.1.4.1.43.45.1.10.2.2.1.1.3.0.2<h3cLogOut>:netadmin logout from VTY
2000 4500G %%10SHELL/4/LOGINAUTHFAIL(t): Trap 1.3.6.1.4.1.43.45.1.10.2.2.1.1.3.0.3<h3cLogInAuthenFailure>:netadmin failed to login from VTY, reason is 2
2000 4500G %%10SHELL/4/LOGINFAIL(l): TELNET user netadmin failed to login from X.X.X.X on VTY1.

 

(part of) current config of the switch:
----------------
version 3Com OS V5.02.00s168p20,
dot1x authentication-method eap
radius scheme system
 server-type extended
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
radius scheme my_domain
 server-type extended
 primary authentication A.B.C.D
 primary accounting A.B.C.D
 secondary authentication 127.0.0.1 1645
 secondary accounting 127.0.0.1 1646
 key authentication secret
 key accounting secret
domain my_domain
 authentication default radius-scheme my_domain
 authorization default radius-scheme my_domain
 accounting default radius-scheme my_domain
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
local-user admin
 password simple XXX
 authorization-attribute level 3
 service-type telnet terminal
user-interface aux 0
 authentication-mode scheme
user-interface vty 0 4
 authentication-mode scheme
----------------

On the Radius side I have a network policy to grant access on the conditions:
Windows Group -> Group with the user
NAS Port Type -> Virtual(VPN)
Authentication Type -> EAP or PAP (actually... other than PAP gives an IAS_INVALID_AUTH_TYPE)
Conditions:
Authentication Methods->PEAP and PAP,SPAP
Settings:
Radius Attributes-Standard-> Service Type=Administrative
Other settings are default.

 

What is missing for the 4500G to accept the Radius IAS_SUCCESS and the user just validated?

 

Thanks