Comware Based
Showing results for 
Search instead for 
Did you mean: 

WEB UI RADIUS login on HPE FlexFabric 5940 Switch

Go to solution
Occasional Visitor

WEB UI RADIUS login on HPE FlexFabric 5940 Switch


I'm trying to figure out how to configure the switch to use a FreeRADIUS server to authenticate administrative users login via ssh console and http/https web interface.

I can log in via ssh using remote authentication, but when I try with the web interface login fails, unless I revert back to local authentication.

Switch configuration:

 radius nas-ip
radius scheme freeradius
 primary authentication
 primary accounting
 key authentication cipher $c$3$xx8togAIeqxrv48t+KNFZOIzHK59vs4spTAC
 key accounting cipher $c$3$1Qf5ykeNjfyxHHjlyfgBJgtYAIUVRXs0wNJ7
 user-name-format keep-original
domain system
 authentication login radius-scheme freeradius local
 authorization login radius-scheme freeradius local
 accounting login none
 domain default enable system


FreeRADIUS user configuration:

test Crypt-Password := "$1$oR8zS6aH$ZtHIp6RyZgq35ugkKBe37/"
        Service-Type = Administrative-User,
        Login-Service = 50,
        Cisco-AVPair = "shell:roles\"network-admin\"",
        Cisco-AVPair += "shell:priv-lvl-15"


Can anyone help me?

Thanks in advance,



Re: WEB UI RADIUS login on HPE FlexFabric 5940 Switch


Web GUI is not officially supported method for managing this switch. You see it by yourself how limited and underdeveloped it is and it is so because R&D decided to drop it and what has been left is far from perfect. 

However, just in sake of curiosity if you really want that Web GUI, you can try two options (without any promise that they will work since the feature is not supported):

1. Do not send RADIUS attribute 15 (Login-Service) at all.
2. Configure "attribute 15 check-mode loose" under the radius-scheme context and make your RADIUS sending "Login-Service=0" in Access-Accept messages. This command will force the switch to match the standard Login-Service attribute value 0 for SSH, FTP, and terminal services. Chances are it will be accepted for the Web GUI as well.


I am an HPE employee

Accept or Kudo

Occasional Visitor

Re: WEB UI RADIUS login on HPE FlexFabric 5940 Switch

Your first solution did the job

Thank you so much, Ivan!