HPE Community
Comware Based
1826244 Members
3051 Online
109692 Solutions
New Discussion

Re: Slow login radius

 
J-Slegers
Visitor

‎10-14-2020 04:33 AM

‎10-14-2020 04:33 AM

Slow login radius

Hello,

We are implementing radius on our switches for management. I have used the following setup :

radius scheme RADIUS
primary authentication xxx.xxx.xxx.xxx key xxxx
primary accounting xxx.xxx.xxx.xxx key xxxx
secondary authentication xxx.xxx.xxx.xxx key xxxx
secondary accounting xxx.xxx.xxx.xxx key xxxx
user-name-format without-RADIUS
quit
domain domain.local
authentication default radius-scheme RADIUS local
authorization default radius-scheme RADIUS local
access-limit disable
state active
idle-cut disable
self-service-url disable
accounting login radius-scheme RADIUS local
quit
domain default enable domain.local

What we see is that it takes about 10 seconds till we are in. On our Cisco devices it is instant. Is this normal behaviour for the Comware switches? 

0 Kudos
5 REPLIES 5
-Alex-
HPE Pro

‎10-14-2020 05:18 AM

‎10-14-2020 05:18 AM

Re: Slow login radius

Hello J-Slegers,

I am not sure how you measure the authentication delay, what type of authenticaction you do -dot1x, MAC or for administration purposes and on what type of device, 

Maybe it will help if you provide sanitized configuration under the port or where authentication is used. 

I am an HPE Employee

Accept or Kudo

0 Kudos
J-Slegers
Visitor

‎10-14-2020 06:33 AM

‎10-14-2020 06:33 AM

Re: Slow login radius

Hello Alex,

I measure at the point when I hit enter at the password. The radius server is a Windows 2019 running on Azure. 

Maybe it will help if you provide sanitized configuration under the port or where authentication is used.

What do you mean by this?

 

John

0 Kudos
-Alex-
HPE Pro

‎10-14-2020 07:07 AM - edited ‎10-14-2020 07:09 AM

‎10-14-2020 07:07 AM - edited ‎10-14-2020 07:09 AM

Re: Slow login radius

Hello John,

I mean if you are using radius to authenticate  for example 802.1x you should have configuration under the ports where it is needed and if under the port configuration there is information which might disclose information which you would not like to share in the public forum so it has to be removed /sanitised/ or changed e.g. - description uplink to core 10.0.0.1 or some ip etc. 

 

I am an HPE Employee

Accept or Kudo

0 Kudos
J-Slegers
Visitor

‎10-15-2020 05:53 AM

‎10-15-2020 05:53 AM

Re: Slow login radius

Sorry maybe my mistake but we want to use radius for ssh authentication to the switch. 

0 Kudos
-Alex-
HPE Pro

‎10-16-2020 08:53 AM - edited ‎10-16-2020 08:53 AM

‎10-16-2020 08:53 AM - edited ‎10-16-2020 08:53 AM

Re: Slow login radius

Hello John,

the authentication is as fast on comware as in cisco. There could be something else you may check with debug on comware and capture on the end client and see if there is a delay in some part of the authentication.

Which swtich model and os version you are using?

What is the status of the CPU? is it heavy loaded?

I am an HPE Employee

Accept or Kudo

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.