- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: Authentication Microsoft Radius (NPS) Comware ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-24-2016 01:43 PM - edited 10-24-2016 01:50 PM
10-24-2016 01:43 PM - edited 10-24-2016 01:50 PM
Authentication Microsoft Radius (NPS) Comware V5 Switch HP A3600
Currently we access the management console of Switches via Radius authentication using Radius server Microsoft NPS. We have implemented this model in all 3Com Switch 4500 and 5500 Comware V3.
We did not make the same implementation in HP A3600 Comware V5.20.
Below is the settings that were applied in the HP A3600:
#
radius scheme lab
server-type extended
primary authentication <ip server>
primary accounting <ip server>
key authentication <password>
key accounting <password>
timer realtime-accounting 15
timer response-timeout 5
nas-ip <switch ip>
retry 5
#
domain lab.com
authentication login radius-scheme lab local
authorization login radius-scheme lab local
accounting login radius-scheme lab local
access-limit enable 60
state active
idle-cut enable 20 2000
self-service-url disable
#
user-interface vty 0 4
authentication-mode scheme
viewing the Logs of the HP A3600 Switch, got the following error messages:
*Oct 24 20:35:09:344 2016 SW_CORE_LAB RDS/7/DEBUG: Recv MSG,[MsgType=Auth request Index = 113, ulParam3=1195743184]
*Oct 24 20:35:09:344 2016 SW_CORE_LAB RDS/7/DEBUG: Send attribute list:
*Oct 24 20:35:09:345 2016 SW_CORE_LAB RDS/7/DEBUG:
[1 User-name ] [18] [userlogin@lab.com]
[2 Password ] [34] [9431D6F1B31F17848979PAOUID0BF918446CC2952D9464ED3F6EB8588D3893PPOEE3]
[4 NAS-IP-Address ] [6 ] [<ip switch>]
[32 NAS-Identifier ] [13] [SW_CORE_LAB]
[5 NAS-Port ] [6 ] [0]
[87 NAS_Port_Id ] [34] [slot=0;subslot=0;port=0;vlanid=0]
*Oct 24 20:35:09:346 2016 SW_CORE_LAB RDS/7/DEBUG:
[61 NAS-Port-Type ] [6 ] [5]
[HP-26 Connect_ID ] [6 ] [462849]
[6 Service-Type ] [6 ] [1]
[14 Login-Host ] [6 ] [<switch ip>]
[31 Caller-ID ] [19] [30302D30302D30302D30302D30302D3030]
[44 Acct-Session-Id ] [17] [11609242035f010]
*Oct 24 20:35:09:346 2016 SW_CORE_LAB RDS/7/DEBUG:
[8 Framed-Address ] [6 ] [<client ip>]
[HP-255Product-ID ] [25] [HP 3600-48 v2 EI Switch]
[HP-60 Ip-Host-Addr ] [32] [<client ip> 00:00:00:00:00:00]
[HP-59 NAS-Startup-Timestamp ] [6 ] [1262304031]
*Oct 24 20:35:09:347 2016 SW_CORE_LAB RDS/7/DEBUG:
Event: Send Packet,oem(10), send count(0), primary state(0).
*Oct 24 20:35:09:347 2016 SW_CORE_LAB RDS/7/DEBUG:
Event: Restart select server.
*Oct 24 20:35:09:348 2016 SW_CORE_LAB RDS/7/DEBUG:
Event: Begin to switch RADIUS server when sending 0 packet.
*Oct 24 20:35:09:348 2016 SW_CORE_LAB RDS/7/DEBUG:
Event: Modify NAS-IP to <switch ip>.
*Oct 24 20:35:09:349 2016 SW_CORE_LAB RDS/7/DEBUG: Send: IP=[<server ip>], UserIndex=[113], ID=[14], RetryTimes=[0], Code=[1], Length=[266]
*Oct 24 20:35:09:349 2016 SW_CORE_LAB RDS/7/DEBUG:
Event: Set socket VPN attribute, VPN index=0, Result=0!
*Oct 24 20:35:09:350 2016 SW_CORE_LAB RDS/7/DEBUG: Send Raw Packet is:
*Oct 24 20:35:09:350 2016 SW_CORE_LAB RDS/7/DEBUG:
01 0e 01 0a 3b f6 76 ad d3 23 0c 68 ea 8a 84 a6
11 dd 10 41 01 12 61 72 74 75 67 40 6c 62 76 2e
6f 72 67 2e 62 72 02 22 94 31 d6 f1 b3 1f 17 84
66 90 2d 0b f9 18 44 6c c2 95 2d 94 64 ed 3f 6e
b8 58 8d 38 93 d1 ce e3 04 06 0a 03 a0 1a 20 0d
53 57 5f 43 4f 52 45 5f 42 53 41 05 06 00 00 00
00 57 22 73 6c 6f 74 3d 30 3b 73 75 62 73 6c 6f
74 3d 30 3b 70 6f 72 74 3d 30 3b 76 6c 61 6e 69
64 3d 30 3d 06 00 00 00 05 06 06 00 00 00 01 0e
06 0a 03 a0 1a 1f 13 30 30 2d 30 30 2d 30 30 2d
30 30 2d 30 30 2d 30 30 2c 11 31 31 36 30 39 32
34 32 30 33 35 66 30 31 30 08 06 0a 64 05 b1 1a
4b 00 00 63 a2 1a 06 00 07 10 01 ff 19 48 50 20
33 36 30 30 2d 34 38 20 76 32 20 45 49 20 53 77
69 74 63 68 3c 20 31 30 2e 31 30 30 2e 35 2e 31
37 37 20 30 30 3a 30 30 3a 30 30 3a 30 30 3a 30
30 3a 30 30 3b 06 4b 3d 3b 1f
*Oct 24 20:35:09:378 2016 SW_CORE_LAB RDS/7/DEBUG: Recv MSG,[MsgType=PKT response Index = 20, ulParam3=1195080128]
*Oct 24 20:35:09:379 2016 SW_CORE_LAB RDS/7/DEBUG: Receive Raw Packet is:
*Oct 24 20:35:09:379 2016 SW_CORE_LAB RDS/7/DEBUG:
03 0e 00 14 73 47 3d 7a cb 79 ad b3 a7 01 df 0b
33 ec 4e bd
*Oct 24 20:35:09:380 2016 SW_CORE_LAB RDS/7/DEBUG: Receive:IP=[<server ip>],Code=[3],Length=[20]
*Oct 24 20:35:09:380 2016 SW_CORE_LAB RDS/7/DEBUG: NULL
*Oct 24 20:35:09:381 2016 SW_CORE_LAB RDS/7/DEBUG: RejectMsg=[Rejected by RADIUS server without any message ]
#Oct 24 20:35:10:377 2016 SW_CORE_LAB SSH/4/TrapAuthFailed:
1.3.6.1.4.1.25506.2.22.1.3.0.1 SSH authentication fail trap information
#Oct 24 20:35:10:378 2016 SW_CORE_LAB SSH/4/TrapAuthFailed:
1.3.6.1.4.1.25506.2.22.1.3.0.1 SSH authentication fail trap information
The error message says that the Radius server is not responding, but the same Radius server is used to authenticate all other 3Com Switch 5500, in addition to receiving the same request Swtich HP A3600.
I believe the version of Comware V5, should have some different parameter or Microsoft NPS Radius server or the settings of the Switch AAA.
Can anyone help me?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-02-2016 08:58 AM
11-02-2016 08:58 AM
Re: Authentication Microsoft Radius (NPS) Comware V5 Switch HP A3600
I am facing the same problem. Did you find the solution? Thanks
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-15-2017 02:00 PM
03-15-2017 02:00 PM
Re: Authentication Microsoft Radius (NPS) Comware V5 Switch HP A3600
Hello,
I have the same problem, have you found the solution please?
Thanks
Mathieu
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-13-2017 03:21 AM - edited 10-13-2017 03:52 AM
10-13-2017 03:21 AM - edited 10-13-2017 03:52 AM
Re: Authentication Microsoft Radius (NPS) Comware V5 Switch HP A3600
Hi there,
You might already have this but might not, can you try adding this to your config.
Just in case make sure ssh server enable is applied.
To your User-interfaces add command protocol inbound ssh
user-interface vty 0 15
authentication-mode scheme
protocol inbound ssh
Might not need this:
local-user <name>
password cipher <password>(Optional)
authorization-attribute level 3(Optional)
service-type ssh
service-type web(Optional)
password-control length 8(Optional)
#
(Optional) are required if you want to secure your connection if radius server goes down. But defenetly add Service-type ssh.
If you want to connect to switch via web then add "Service-type web" and apply web server enable
Hope this helps.