- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- HPE Aruba Networking & ProVision-based
- >
- HP2920 - how to set peap-radius for auth?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2020 01:02 PM
05-11-2020 01:02 PM
HP2920 - how to set peap-radius for auth?
Hello all,
i would like to confiure the radiusauth like with this part of configline:
aaa authentication web login radius local peap-radiusBut this would not work here. If i have a look in the handbook: https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s04.html i can see that the option should work. But maybe i missunderstand the syntax. Here a piece of the doc's:
aaa authentication <console|telnet|ssh|web|<enable|login <local|radius>> web-based|mac-based <chap-radius|peap-radius>>
Here my systeminfo: Software revision : WB.16.10.0005
thanks a lot
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-11-2020 11:36 PM
05-11-2020 11:36 PM
Re: HP2920 - how to set peap-radius for auth?
Hello
You are trying to configure authentication for webUI access for login or operator level. I assume that you need some more secure RADIUS option which protects the credentials when they are transported to the RADIUS server.
In this case why not use peap-mschapv2 istead of radius
HP-2920-24G-PoEP(config)# aaa authentication web login ?
local Use local switch user/password database.
radius Use RADIUS server.
peap-mschapv2 Use RADIUS server with PEAP-MSChapv2.
HP-2920-24G-PoEP(config)# aaa authentication web login peap-mschapv2 local
In this case the switch and the RADIUS server should use PEAP-MSCHAPv2 as a RADIUS protocol. The password will be protected by sending it within an encrypted TLS tunnel. The RADIUS server needs to have a server certificate for EAP.
Did you test this option already? Toe option is not in the documentation but it appears in the CLI context help.
Just a short notice about what login here means. Login access is equal to operator access, this user can only view some information about the switch but cannot change the configuraiton. The enable priviledge provides full access.
HP-2920-24G-PoEP(config)# aaa authentication web ?
enable Configure access to the privileged mode commands.
login Configure login access to the switch.
HP-2920-24G-PoEP(config)# aaa authentication web
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2020 05:24 AM
05-15-2020 05:24 AM
Re: HP2920 - how to set peap-radius for auth?
Thank you very much. I check this