Problem using oobm for aaa w/radius on 6120XG

 
Brandon Farmer
Occasional Contributor

Hi there,

I have a number of 6120XG blade switches for which I'm attempting to configure aaa with radius for authentication.  I have these switches set up with no IP address other than the OOBM interface.  I've tried configuring aaa with radius according to the docs, but it seems like the messages are never making it to my Radius server (Windows 2008 NPS).  Here's the config I'm using:

radius-server host 10.7.0.70 key "secretkey" oobm
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

I've tailed the NPS log on the Windows server and I never see the request hit the NPS server.  I see this error in the log:

07/30/11 04:39:13 00421 radius: Can't reach RADIUS server 10.7.0.70

Which the docs say is a mismatched key, but I've checked, double-checked, retyped, and checked again, and the keys match.

Here's the full config:

RAD-BS1-A# sh run
Running configuration:
; 516733-B21 Configuration Editor; Created on release #Z.14.26
hostname "RAD-BS1-A"
qos dscp-map 111000 priority 7
qos dscp-map 110000 priority 6
qos dscp-map 101000 priority 5
qos dscp-map 100000 priority 4
qos dscp-map 011000 priority 3
qos dscp-map 010000 priority 2
qos dscp-map 001000 priority 1
qos dscp-map 000000 priority 0
interface 23
   disable
   lacp Active
exit
interface 24
   disable
   lacp Active
exit
interface 17
   name "RAD-6509E-2_Te5/2"
exit
ip default-gateway 10.7.3.1
vlan 1
   name "DEFAULT_VLAN"
   untagged 17-24
   no untagged 1-16
   no ip address
   exit
vlan 2
   name "Server_VLAN"
   untagged 1-2,4-8,10-16
   tagged 3,9,17
   no ip address
   ip igmp high-priority-forward
   exit
vlan 50
   name "CSM"
   tagged 3,9,17
   no ip address
   exit
logging 10.7.0.108 oobm
logging facility local5
radius-server host 10.7.0.70 key "secretkey" oobm
timesync sntp
sntp unicast
sntp 300
sntp server priority 1 10.7.0.81 3 oobm
snmp-server community "SecretCommunity" unrestricted
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
spanning-tree
spanning-tree config-name "Cisco-HP"
spanning-tree config-revision 1
spanning-tree instance 1 vlan 1 2 30 50 66 70 75 80 100-102 999
spanning-tree instance 2 vlan 20 40
oobm
   ip address 10.7.3.13 255.255.255.0
   ip default-gateway 10.7.3.1
   exit
primary-vlan 2
password manager

Thanks in advance!

apezuela
Occasional Visitor

Re: Problem using oobm for aaa w/radius on 6120XG

Hi,

I have the same problem. I am capturing traffic with a sniffer and I am not seeing a RADIUS request.

Best regards,

Brandon Farmer
Occasional Contributor

Re: Problem using oobm for aaa w/radius on 6120XG

I should've responded back to this thread, but the fix seemed to be upgrading to the latest firmware for these devices.

Good luck!

apezuela
Occasional Visitor

Re: Problem using oobm for aaa w/radius on 6120XG

What firmware version do you have?

Image stamp: /sw/code/build/vern(Z_14_zinfip_t4b)
Oct 13 2011 13:12:25
Z.14.29
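
Added example, not part of the thread and not HP code: a small Python check that can rule out the configuration side of this symptom before suspecting firmware. It flags RADIUS, syslog and SNTP server statements that lack the `oobm` keyword on a switch whose only addressed interface is OOBM; the function names are hypothetical and it assumes the keyword is the last token of the statement, as in the posted config.

```python
import re

# Statement forms copied from the running-config posted in the thread.
SERVICES = {
    "radius": re.compile(r"^radius-server host (\S+)"),
    "syslog": re.compile(r"^logging (\d+\.\d+\.\d+\.\d+)"),
    "sntp": re.compile(r"^sntp server priority \d+ (\S+)"),
}

def addressed_planes(config):
    """Return which planes ('vlan', 'oobm') carry an IP address."""
    planes, section = set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # top-level statement opens or closes a block
            section = "oobm" if line == "oobm" else "vlan" if line.startswith("vlan ") else None
        elif section and line.startswith("ip address "):
            planes.add(section)   # "no ip address" does not match
    return planes

def missing_oobm(config):
    """List (service, server) statements that lack the oobm keyword."""
    if addressed_planes(config) != {"oobm"}:
        return []  # a VLAN is addressed too, so in-band sourcing may be intended
    findings = []
    for raw in config.splitlines():
        line = raw.strip()
        for name, pattern in SERVICES.items():
            m = pattern.match(line)
            if m and line.split()[-1] != "oobm":
                findings.append((name, m.group(1)))
    return findings

# Constructed excerpt modelled on the posted config (keyword assumed last token).
AS_POSTED = """\
vlan 2
   no ip address
   exit
logging 10.7.0.108 oobm
radius-server host 10.7.0.70 key "secretkey" oobm
sntp server priority 1 10.7.0.81 3 oobm
oobm
   ip address 10.7.3.13 255.255.255.0
   exit
"""
WITHOUT_KEYWORD = AS_POSTED.replace('"secretkey" oobm', '"secretkey"')
print(missing_oobm(AS_POSTED), missing_oobm(WITHOUT_KEYWORD))
```

The posted configuration produces no findings, which is consistent with the fix reported in the thread being a firmware upgrade rather than a configuration change.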