
User roles with AAA through Radius authentication HP A series

Occasional Visitor

Hello there,


Currently we are implementing AAA for authentication on our network devices. Before implementing I tested the configuration on an HP A-5120, an HP Procurve3500 and some Cisco switches. Microsoft NPS acts as the radius server.


In my PoC everything was accepted so I proceeded to the implementation in the production network at the main site. I started with an HP A5830. This is where the problem started.


While all the configuration is identical to the perfectly working PoC, I cannot seem to get the right privilege levels in production.


I tried to authenticate through the radius server in the PoC so the same already proven policy was used but that did not change anything. The only difference is the type of switch HP A5120 vs HP A5830.


Did I forget something in my configuration?


The HP A5830 config is:


domain default enable domain.local

radius scheme radius
 primary authentication
 secondary authentication
 primary accounting
 secondary accounting
 key authentication KEY
 key accounting KEY
 user-name-format without-domain

domain domain.lan
 authentication default radius-scheme radius
 authorization default radius-scheme radius
 authentication login radius-scheme radius
 accounting login radius-scheme radius

user-interface vty 0 15
 acl 2022 inbound
 authentication-mode scheme
 user privilege level 3
 idle-timeout 60 0




Any help would be kindly appreciated.





Respected Contributor

Re: User roles with AAA through Radius authentication HP A series



I'm not sure if it's on purpose, but it looks like you did not configure authorization in the radius scheme.



radius scheme radius

 primary authorization

 secondary authorization




Also, you enable the default domain as domain.local

(domain default enable domain.local)


but it's in your domain "domain.lan" that you use the radius scheme "radius".

Maybe you need to try to set the default domain to domain.lan.


Also remember to enable the SSH server if you want to use SSH.

ssh server enable



Søren Dideriksen


Søren Dideriksen, Network Administrator
Region Midtjylland
Occasional Advisor

Re: User roles with AAA through Radius authentication HP A series



If I understand correctly, AAA authentication works, only you can't get the right privilege level.

I had the same problem with A5820. My switches have Comware v5. So:

1. In the radius scheme radius you have to write "server-type extended"

2. Provide the correct privilege level in the Radius. You should add a Vendor-Specific attribute: Vendor code - 25506, value - the privilege level you want.
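
To check that the Access-Accept from the RADIUS server really carries the attribute described in the reply above, the following added example (not code from the thread or from HP) builds and parses a Vendor-Specific attribute for vendor code 25506. The sub-attribute number 29 and its 32-bit integer encoding are assumptions not stated in the thread, and the sample bytes are constructed.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
VENDOR_ID = 25506      # vendor code given in the reply above
EXEC_PRIVILEGE = 29    # assumption: sub-attribute number, not stated in the thread


def encode_privilege_vsa(level):
    """Build the Vendor-Specific attribute carrying a privilege level (32-bit integer)."""
    if not 0 <= level <= 3:
        raise ValueError("privilege level must be 0-3")
    sub = struct.pack("!BBI", EXEC_PRIVILEGE, 6, level)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), VENDOR_ID) + sub


def privilege_levels(attributes):
    """Walk a RADIUS attribute section and return every privilege level it carries."""
    levels, pos = [], 0
    while pos < len(attributes):
        if len(attributes) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attributes[pos], attributes[pos + 1]
        if a_len < 2 or pos + a_len > len(attributes):
            raise ValueError("bad attribute length")
        value = attributes[pos + 2:pos + a_len]
        pos += a_len
        # Only VSAs whose first four bytes are the expected vendor ID matter.
        if a_type != VENDOR_SPECIFIC or len(value) < 4:
            continue
        if struct.unpack("!I", value[:4])[0] != VENDOR_ID:
            continue
        sub = value[4:]
        while len(sub) >= 2:
            s_type, s_len = sub[0], sub[1]
            if s_len < 2 or s_len > len(sub):
                raise ValueError("bad sub-attribute length")
            if s_type == EXEC_PRIVILEGE and s_len == 6:
                levels.append(struct.unpack("!I", sub[2:6])[0])
            sub = sub[s_len:]
    return levels


# Constructed sample: attribute section of an Access-Accept (not captured traffic).
SAMPLE = (
    struct.pack("!BBI", 6, 6, 1)                         # Service-Type = Login
    + struct.pack("!BBI", 26, 9, 311) + b"\x01\x03\x00"  # VSA from another vendor, ignored
    + encode_privilege_vsa(3)                            # level 3, as on the vty lines
)

if __name__ == "__main__":
    print(privilege_levels(SAMPLE))
```

An empty result for a captured Access-Accept means the server policy is not returning the vendor attribute, so the switch has no privilege level to apply from RADIUS.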