Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

HP2626 & freeradius

José Ibañez
Occasional Visitor

HP2626 & freeradius

Hi,

I want to manage the login to my ProCurve Switch 2626 with freeradius. Now I manage the login of my cisco switchs.

I a newbie in hp switch, I've configured only this in switch:


CODE
aaa authentication telnet login radius local
radius-server host 10.0.0.230 key SWMADCOREKEY

and It's work I can login with users of my freeradis server, but when I login I don't get the exec promt (#), I have to execute enable and put the login and pass of local switch.

In my freeradius server I had to add next line to login in my cisco switchs:


CODE
cisco-avpair = "shell:priv-lvl=15"

Should I add something in freeradius configuration to work whit hp switchs ?

Can any body give me a explample of configuracion of hp sw and freeradis ?

Where can I get more information about this subject ?

Thanks in advance.

JI
4 REPLIES
Matt Hobbs
Honored Contributor

Re: HP2626 & freeradius

You need to enable 'aaa authentication login privilege-mode' - check the Access Security Guide for more information on this feature.
lrosales
Advisor

Re: HP2626 & freeradius

i believe you also have to enter the following command.
aaa authentication telnet enable radius local
lrosales
Advisor

Re: HP2626 & freeradius

Jose, take a look at page 12 in the following link.
ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-Security-Oct2006-59906052-Chap06.pdf

Matt is correct, however the the section dealing with this command seems to have been omitted from the Access Security Guide in the 2600 series manuals. The link above is from the 3400 series.
José Ibañez
Occasional Visitor

Re: HP2626 & freeradius

Hi all,

I test the two commands:

aaa authentication telnet enable radius local
aaa authentication login privilege-mode

And I can't login in "enable mode". I execute telnet, I put the user and password and I login in switch in the "login mode",
then I execute enable command, I put same user and password, the switch accepts the login but I dosen't go to "enable modem".
The switch accepts all user/password of radius server but I can get in "enable mode".

Next, I erase the las command 'aaa authentication login privilege-mode' and now I can get in "enable mode",
but I need to execute the "enable" command and to put the user and password again.

Thanks for the help, I can work for a long time with the last configuration.

BR // JI