The switches are all 2930s, 2920s or 2530s.
All were configured identically for the same 2 NPS servers (Server 2019).
The lines used to configure are:
radius-server host 10.2.1.7 key "asdfasdfasdfasdfasdfasdfasdf"
radius-server host 10.1.1.7 key "asdfasdfasdfasdfasdfasdfasdf"
radius-server timeout 3
radius-server retransmit 1
aaa authentication login privilege-mode
aaa authentication ssh login peap-mschapv2 local
aaa authentication ssh enable peap-mschapv2 local
aaa authentication web login peap-mschapv2 local
aaa authentication web enable peap-mschapv2 local
1 of the 2920s with the same firmware version as the others (WB.16.10.0003) cannot log in. I don't get any failure or success messages in the NPS logs. It's as if traffic just can't get to the RADIUS servers. But it is talking to it enough such that it will not fail back to the local admin account on the switch. The only way I can log in to the switch is to make temporary firewall rules on the NPS servers blocking all traffic from that switch IP; then I can use the switch's local admin credentials to log in.