NPS Switch HP 5500 RADIUS

Davydov · ‎03-06-2019

Hello.

Help, please, to deal with the problem. I've been fighting for a week. Radius authorization on the switch A5500-24G-4SFP does not work. Version release latest. On firmware R5101P05, R5203P02 – same problem.

Settings switch:

#
 version 5.20.99, Release 5501P36
#
 domain default enable system
#
radius scheme RADIUS
 primary authentication 192.168.1.1
 key authentication cipher KEY
 user-name-format without-domain
domain DOMAIN.local
 authentication login radius-scheme RADIUS
 authorization login radius-scheme RADIUS
 accounting login radius-scheme RADIUS
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
 ssh server enable
#
user-interface aux 0 5
user-interface vty 0 4
authentication-mode scheme
 protocol inbound ssh

Log switch:

%Mar 6 19:55:57:113 2019 HP5500HI-IRF SC/6/SC_AAA_LAUNCH: -AAAType=AUTHEN-AAAScheme= radius-scheme radius-Service=login-UserName=test@DOMAIN.local; AAA launched.
%Mar 6 19:56:06:110 2019 HP5500HI-IRF SC/5/SC_AAA_FAILURE: -AAAType=AUTHEN-AAAScheme= radius-scheme radius-Service=login-UserName=test@DOMAIN.local; AAA is failed. No response.
%Mar 6 19:56:06:111 2019 HP5500HI-IRF SHELL/5/SHELL_LOGINFAIL: SSH user test@DOMAIN.local failed to log in from 192.168.1.2 on VTY1..
%Mar 6 19:56:08:507 2019 HP5500HI-IRF SSH/6/SSH_CONNECTION_CLOSE: STEL user test@DOMAIN.local (IP: 192.168.1.2) logged out because the SSH client closed the connection.

Also in the network installed HPE A3100-24 v2 EI, they Radius works correctly.

Thanks. I really hope for your help.

milan09 · ‎03-20-2019

Hello,

Please provide the radius debug output.

<>debugging radius packet

Thanks,

cgu · ‎03-20-2019

I may be wrong but it seems to me you are actually using the default "system" auth domain, not the "DOMAIN.local" one you've created. So the switch won't even try to contact the radius server.

Davydov · ‎03-20-2019

Thanks. The problems were solved by the team:

#
 radius nas-ip [IP-CLIENT-SWITCH]
#
 domain default enable DOMAIN.local

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

NPS Switch HP 5500 RADIUS

NPS Switch HP 5500 RADIUS

Re: NPS Switch HP 5500 RADIUS

Re: NPS Switch HP 5500 RADIUS

Re: NPS Switch HP 5500 RADIUS