HPE Community
Switches, Hubs, and Modems
1753706 Members
4684 Online
108799 Solutions
New Discussion юеВ

Re: GbE2c Radius

 
Richard Crimp
New Member

тАО09-29-2008 03:28 PM

тАО09-29-2008 03:28 PM

GbE2c Radius

I'm Trying to configure radius. I have configured the switches as follows.

radius-server primary-host xxx.xxx.xxx.xxx ekey "Some Secret"
radius-server timeout 10
radius-server enable
no radius-server backdoor
radius-server secure-backdoor


Using wireshark the switch sends access-request packet to the radius server and the radius server responds with an Access-Accept. But the switch logs me out.

What radius server attribute do i need to set to allow access.

Thanks
0 Kudos
12 REPLIES 12
Jeff Carrell
Honored Contributor

тАО09-29-2008 06:56 PM

тАО09-29-2008 06:56 PM

Re: GbE2c Radius

what radius access are you wanting to achieve?

802.1X or switch authentication for access?

this will help to know which way to answer...

cheers...jeff
0 Kudos
Richard Crimp
New Member

тАО09-29-2008 06:59 PM

тАО09-29-2008 06:59 PM

Re: GbE2c Radius

We are trying to achieve radius authentication for switch access.
0 Kudos
Jeff Carrell
Honored Contributor

тАО09-30-2008 02:29 AM

тАО09-30-2008 02:29 AM

Re: GbE2c Radius

ahh, for switch mgmt access, you need a few more commands:

'aaa authentication radius '

access-method = console, telnet, ssh, web

user-level = login (oper) or enable (mgr)

sec-auth-method = for console, no choice but local, for all other local -or- none

generally you will have 2 of these commands for each access-method/user-level...

refer to this link for more details:
http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ASG-Jan08-6-RADIUS.pdf

hth...jeff
0 Kudos
Richard Crimp
New Member

тАО09-30-2008 02:35 PM

тАО09-30-2008 02:35 PM

Re: GbE2c Radius

HI Jeff,

I tried the commands you suggested but the GbE2c uses a different command set to the procurve range.
0 Kudos
Jeff Carrell
Honored Contributor

тАО09-30-2008 02:45 PM

тАО09-30-2008 02:45 PM

Re: GbE2c Radius

what is the GbE2c?

i thought some of the radius commands you showed looked a bit different...

sorry can't be of more assistance...

cheers...jeff
0 Kudos
Richard Crimp
New Member

тАО09-30-2008 02:47 PM

тАО09-30-2008 02:47 PM

Re: GbE2c Radius

The GbE2c is the blade switch used in a c-class blade enclosure.
0 Kudos
jhodges125
New Member

тАО02-02-2009 11:55 AM

тАО02-02-2009 11:55 AM

Re: GbE2c Radius

Amy am having the same issue here and was wondering if fix was ever found?

Thanks,
John

I am using Freeradius
0 Kudos
Richard Crimp
New Member

тАО02-02-2009 12:29 PM

тАО02-02-2009 12:29 PM

Re: GbE2c Radius

The solution is as below. IF you have any problems please let me know.

To get Radius working on IAS 2003

1. Open IAS Admin Tool
2. Select the correct Remote Policy
3. Set it with the following

Service-Type Administrative

If you wish to allow people access to the switch without the ability to make changes or you will need to manually edit the following file
C:\windows\system32\ias\dnary.mdb
in the Enumerators table at the bottom add the following

HP User Service-Type 255
0 Kudos
David MF
New Member

тАО05-11-2009 11:48 PM

тАО05-11-2009 11:48 PM

Re: GbE2c Radius

Hi!

We're having problems trying to authenticate with Freeradius on Gbe2c and Gbe2p Blade ethernet switches modules.

We have configured different reply attributes on freeradius for Cisco and HP Procurve swithes, but it doesn't work with blade modules.

Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Service-Type = Administrative-User

When we try to authenticate by telnet we get access aceptted on freeradius, but i think the Reply attribute we're using is not correct. Any idea?

Sending Access-Accept of id 160 to 1.2.3.4 port 3010

Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Service-Type = Administrative-User

Finished request 1.

Is there any way to debug radius events on the Gbe2c/Gbe2p modules?

Thanks!
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.