02-14-2012 11:05 AM - edited 02-14-2012 12:05 PM
AAA Authentication to manage switch
I have a 3500yl on which I want to set up RADIUS to require a domain login (primary) when managing the switch, with local as secondary. I have a Windows IAS server where I created a new Access Policy with Windows-Groups, Unencrypted authentication and service-type RADIUS Standard Login.
On the switch I've set up AAA Authentication server and see the following information.
Status and Counters - General RADIUS Information
Deadtime(min) : 0
Timeout(secs) : 3
Retransmit Attempts : 2
Global Encryption Key :
Dynamic Authorization UDP Port : 3799
Source IP Selection : Outgoing Interface
                Auth Acct DM/ Time   |
Server IP Addr  Port Port CoA Window | Encryption Key                   OOBM
--------------- ---- ---- --- ------ + -------------------------------- ----
10.0.0.10       1645 1646 No  300    | xxxxxxx                          No
********************************************************************************
Status and Counters - Authentication Information
Login Attempts : 2
Respect Privilege : Disabled
            | Login      Login        Login
Access Task | Primary    Server Group Secondary
----------- + ---------- ------------ ----------
Console     | Local                   None
Telnet      | Local                   None
Port-Access | Local                   None
Webui       | Radius     radius       Local
SSH         | Local                   None
Web-Auth    | ChapRadius radius       None
MAC-Auth    | ChapRadius radius       None
SNMP        | Local                   None
            | Enable     Enable       Enable
Access Task | Primary    Server Group Secondary
----------- + ---------- ------------ ----------
Console     | Local                   None
Telnet      | Local                   None
Webui       | Radius     radius       Local
SSH         | Local                   None
********************************************************************************
Status and Counters - RADIUS Server Information
Server IP Addr : 10.0.0.10
Authentication UDP Port : 1645 Accounting UDP Port : 1646
Round Trip Time : 0 Round Trip Time : 0
Pending Requests : 0 Pending Requests : 0
Retransmissions : 6 Retransmissions : 0
Timeouts : 9 Timeouts : 0
Malformed Responses : 0 Malformed Responses : 0
Bad Authenticators : 0 Bad Authenticators : 0
Unknown Types : 0 Unknown Types : 0
Packets Dropped : 0 Packets Dropped : 0
Access Requests : 3 Accounting Requests : 0
Access Challenges : 0 Accounting Responses : 0
Access Accepts : 0
Access Rejects : 0
I am not able to log in to the Webui with my domain account, which I know is in the group assigned to the IAS policy. It appears to attempt authentication from the above log, but it just redirects back to the login screen.
I've reviewed several documents on this and just need a little help to get this configured.
- ftp://ftp.hp.com/pub/networking/software/3500-5400-6200-ASG-0207-K.12.XX-Book.pdf
- http://h40060.www4.hp.com/procurve/uk/en/pdfs/application-notes/AN-S1_Web-Authentication-final-080608.pdf
Thanks
02-14-2012 12:44 PM
Re: AAA Authentication to manage switch
No server(s) responding.
However, once I log in with the local account I can verify that I am able to ping the RADIUS server from the switch. Also, the UDP port I am using, 1645, is open, as I use it with my Cisco routers.
02-17-2012 05:14 AM
Re: AAA Authentication to manage switch
Can you post your AAA configuration part, please?
These lines should be configured:
radius-server host 192.168.XXX.XXX key "secret"
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
02-17-2012 11:21 AM
Re: AAA Authentication to manage switch
Here is what I have in the config for AAA:
radius-server host 10.0.0.10 key xxxxx
radius-server timeout 3
radius-server retransmit 2
aaa authentication num-attempts 2
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
02-17-2012 01:46 PM
Re: AAA Authentication to manage switch
Finally got it working; it was a painfully stupid mistake on my part. Fat-fingered the shared secret.
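Added example, not part of the thread and not HP or Microsoft code: a Python simulation of the RFC 2865 / RFC 2869 checks that depend on the RADIUS shared secret, showing why a mistyped secret surfaces as timeouts and "No server(s) responding" rather than as an Access-Reject. The function names, secrets and passwords are constructed for illustration, and whether a given switch sends Message-Authenticator is an assumption modelled by `send_msg_auth`.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, req_auth):
    """Server side of hide_password; a wrong secret yields garbage, not an error."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def message_authenticator(ident, req_auth, attrs, secret):
    """RFC 2869 5.14: HMAC-MD5 of the request with attribute 80 zeroed."""
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs) + 18)
    body = attrs + bytes([80, 18]) + bytes(16)
    return hmac.new(secret, header + req_auth + body, hashlib.md5).digest()

def response_authenticator(code, ident, req_auth, secret):
    """RFC 2865 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20)  # reply carries no attributes here
    return hashlib.md5(header + req_auth + secret).digest()

def simulate_login(nas_secret, server_secret, typed, real, send_msg_auth=True):
    """One constructed exchange; returns what the switch (NAS) ends up seeing."""
    ident, req_auth = 1, os.urandom(16)
    hidden = hide_password(typed, nas_secret, req_auth)
    attrs = bytes([2, 2 + len(hidden)]) + hidden  # User-Password attribute
    mac = lambda s: message_authenticator(ident, req_auth, attrs, s)
    if send_msg_auth and not hmac.compare_digest(mac(nas_secret), mac(server_secret)):
        return "timeout: server silently discarded the request"
    ok = unhide_password(hidden, server_secret, req_auth) == real
    code = ACCESS_ACCEPT if ok else ACCESS_REJECT
    ra = lambda s: response_authenticator(code, ident, req_auth, s)
    if not hmac.compare_digest(ra(server_secret), ra(nas_secret)):
        return "timeout: switch discarded a reply it could not verify"
    return "accept" if ok else "reject"
```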