Community
Comware Based
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

NPS Switch HP 5500 RADIUS

 
SOLVED
Go to solution
Davydov
Davydov
Occasional Visitor

‎03-06-2019 07:43 AM

‎03-06-2019 07:43 AM

NPS Switch HP 5500 RADIUS

Hello.

Help, please, to deal with the problem. I've been fighting for a week. Radius authorization on the switch A5500-24G-4SFP does not work. Version release latest. On firmware R5101P05, R5203P02 – same problem.

Settings switch:

#
 version 5.20.99, Release 5501P36
#
 domain default enable system
#
radius scheme RADIUS
 primary authentication 192.168.1.1
 key authentication cipher KEY
 user-name-format without-domain
domain DOMAIN.local
 authentication login radius-scheme RADIUS
 authorization login radius-scheme RADIUS
 accounting login radius-scheme RADIUS
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
 ssh server enable
#
user-interface aux 0 5
user-interface vty 0 4
authentication-mode scheme
 protocol inbound ssh

Log switch:

%Mar 6 19:55:57:113 2019 HP5500HI-IRF SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= radius-scheme radius-Service=login-UserName=test@DOMAIN.local; AAA launched.
%Mar 6 19:56:06:110 2019 HP5500HI-IRF SC/5/SC_AAA_FAILURE: -AAAType=AUTHEN-AAAScheme= radius-scheme radius-Service=login-UserName=test@DOMAIN.local; AAA is failed. No response.
%Mar 6 19:56:06:111 2019 HP5500HI-IRF SHELL/5/SHELL_LOGINFAIL: SSH user test@DOMAIN.local failed to log in from 192.168.1.2 on VTY1..
%Mar 6 19:56:08:507 2019 HP5500HI-IRF SSH/6/SSH_CONNECTION_CLOSE: STEL user test@DOMAIN.local (IP: 192.168.1.2) logged out because the SSH client closed the connection.

Image1

Image2

Image3

Also in the network installed HPE A3100-24 v2 EI, they Radius works correctly.

Thanks. I really hope for your help.

0 Kudos
Reply
3 REPLIES 3
milan09
milan09
Frequent Visitor

‎03-20-2019 02:42 AM

‎03-20-2019 02:42 AM

Re: NPS Switch HP 5500 RADIUS

Hello,

Please provide the radius debug output.

<>debugging radius packet

 

Thanks,

0 Kudos
Reply
cgu
cgu
Advisor

‎03-20-2019 04:44 PM

‎03-20-2019 04:44 PM

Solution

Re: NPS Switch HP 5500 RADIUS

I may be wrong  but it seems to me you are actually using the default "system" auth domain, not the "DOMAIN.local" one you've created. So the switch won't even try to contact the radius server.

0 Kudos
Reply
Davydov
Davydov
Occasional Visitor

‎03-20-2019 09:35 PM - edited ‎03-20-2019 09:36 PM

‎03-20-2019 09:35 PM - edited ‎03-20-2019 09:36 PM

Re: NPS Switch HP 5500 RADIUS

Thanks. The problems were solved by the team:

#
 radius nas-ip [IP-CLIENT-SWITCH]
#
 domain default enable DOMAIN.local

 

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.