HPE Community
HPE Aruba Networking & ProVision-based
1820072 Members
2792 Online
109608 Solutions
New Discussion юеВ

HP Procurve NPS RADIUS Attributes For Manager and Operator

 
SOLVED
Go to solution
Usaia Tawakevou
Valued Contributor

тАО02-01-2018 03:52 PM

тАО02-01-2018 03:52 PM

HP Procurve NPS RADIUS Attributes For Manager and Operator

Hi,

Got a multivendor network environment with HP/Aruba procurves ranging from 3800, 2900, 2800, 2500 as our access switches. Ive got authentication working with my Cisco's with proper attributes setup on two of my network policy in NPS (win 2K8 server R2 Enterprise) for network admins and operators. Im testing it out now on my HP3800 and it works with authentication and enable access but I want the MANAGER access to be from my network admin network policy and OPERATOR access to be via the network operator network policy. Dont want to add more policy, but just to use the two (admin and operator) and just tweak the vendor apecific attribute on the NPS network policy so when administrator logs in he/she logs in as MANAGER and when a helpdesk staff logs in he/she logs in a an OPERATOR.

Any help will be really apprecciated

Thanks 

0 Kudos
2 REPLIES 2
Usaia Tawakevou
Valued Contributor

тАО02-06-2018 01:31 PM

тАО02-06-2018 01:31 PM

Re: HP Procurve NPS RADIUS Attributes For Manager and Operator

Anyone out there who can help out ?

0 Kudos
Usaia Tawakevou
Valued Contributor

тАО02-07-2018 08:17 PM

тАО02-07-2018 08:17 PM

Solution

Re: HP Procurve NPS RADIUS Attributes For Manager and Operator

Did some more reading and research and I manage find a solution. This is what I did if someone is out there looking for a solution

On NPS with my current network policies (2) for net-admin and net-operator I add in service-Type on the Standard RADIUS Atributes for on both my network policy with the net-admin policy using the Administrative value and my net-operator policy using NAS Prompt as the value. Noting that I want only two network polices to take care of my Cisco and HP Procurve access. See the attach file for the settings of both Network policy

On my switch this is the RADIUS/AAA configuration

radius-server host x.x.x.x
radius-server dead-time 5
radius-server key xxxxx
radius-server timeout 5


aaa authentication login privilege-mode - Once authenticated, go straight to privilege/enable mode
aaa authentication console login radius local - Set the console login order to Radius then Local
aaa authentication console enable radius local - Set the console enable authentication order to Radius then Local
aaa authentication ssh login radius local - Set the SSH login order to Radius then Local
aaa authentication ssh enable radius local - Set the SSH login order to Radius then Local

 

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.