HPE Aruba Networking & ProVision-based

Re: aaa authentication radius peap-mschapv2 works on 19 out of 20 switches

 
SOLVED
Anonymous
Not applicable

aaa authentication radius peap-mschapv2 works on 19 out of 20 switches

The switches are all 2930's, 2920's or 2530's.
All were configured identically for the same 2 NPS servers (Server 2019).

The lines used to configure are:
radius-server host 10.2.1.7 key "asdfasdfasdfasdfasdfasdfasdf"
radius-server host 10.1.1.7 key "asdfasdfasdfasdfasdfasdfasdf"
radius-server timeout 3
radius-server retransmit 1
aaa authentication login privilege-mode
aaa authentication ssh login peap-mschapv2 local
aaa authentication ssh enable peap-mschapv2 local
aaa authentication web login peap-mschapv2 local
aaa authentication web enable peap-mschapv2 local

1 of the 2920's with the same firmware version as the others (WB.16.10.0003) cannot log in. I don't get any failure or success messages in the NPS logs. It's as if traffic just can't get to the RADIUS servers. But it is talking to it enough such that it will not fail back to the local admin account on the switch. The only way I can log in to the switch is to make temporary firewall rules on the NPS servers blocking all traffic from that switch IP; then I can use the switch's local admin credentials to log in.

Anonymous
Not applicable
Solution

I figured it out. Even though NTP was enabled, the date/time was off by 30 years. I guess it never got set correctly when NTP was enabled and the time skew was too far off to correct?
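
Added example (not part of the original posts): a small fleet clock audit that would have singled out the one switch before anyone was locked out. It assumes the wrong clock broke the certificate validity check inside the PEAP TLS tunnel, which the thread does not confirm; the switch names, timestamps, certificate dates and skew tolerance are all constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data: validity window of the RADIUS (NPS) server
# certificate and the clock each switch reported when it was polled.
CERT_NOT_BEFORE = datetime(2019, 3, 1, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2024, 3, 1, tzinfo=timezone.utc)
POLL_TIME = datetime(2020, 6, 15, 12, 0, 0, tzinfo=timezone.utc)
REPORTED_CLOCKS = {
    "sw-01": "2020-06-15 12:00:02",
    "sw-02": "2020-06-15 11:59:58",
    "sw-20": "1990-01-01 03:14:07",  # roughly 30 years behind, as in the thread
}
MAX_SKEW = timedelta(minutes=5)  # assumed tolerance for ordinary drift


def classify(reported, reference, not_before, not_after, max_skew=MAX_SKEW):
    """Return (status, skew) for one device clock.

    A clock outside the certificate window is reported first, because a
    device in that state rejects the server certificate outright.
    """
    skew = reported - reference
    if reported < not_before:
        return "cert-not-yet-valid", skew
    if reported > not_after:
        return "cert-expired", skew
    if abs(skew) > max_skew:
        return "skewed", skew
    return "ok", skew


def audit(clocks, reference=POLL_TIME):
    """Classify every device clock in a {name: 'YYYY-MM-DD HH:MM:SS'} map (UTC)."""
    results = {}
    for name, text in clocks.items():
        reported = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
        reported = reported.replace(tzinfo=timezone.utc)
        results[name] = classify(reported, reference,
                                 CERT_NOT_BEFORE, CERT_NOT_AFTER)
    return results


if __name__ == "__main__":
    for name, (status, skew) in audit(REPORTED_CLOCKS).items():
        print(f"{name}: {status} (skew {skew.days} days)")
```

Running the audit on a schedule also catches the case described in the solution, where NTP is configured but the clock was never actually set.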