HPE Aruba Networking & ProVision-based

Re: RADIUS auth on OfficeConnect 1950 switch

 
Anonymous
Not applicable

RADIUS auth on OfficeConnect 1950 switch

I have RADIUS authentication for web and ssh working on about 20 ArubaOS switches.

But now I have this one-off OfficeConnect 1950 switch.  I did all my Aruba configs through the cli but the cli on this thing is a nightmare, so I'm fumbling through the web interface.

I've gone into Security -> Radius and configured a RADIUS scheme with my 2 radius servers defined.

Then I went into Security -> ISP Domains and configured Authentication, Authorization and Accounting to use the Radius scheme.  Everything is set to Active.

But attempting to log in with my AD credentials just gives an error in the log: Authentication failed for <user> from <IP address> port 63284 because of invalid username or wrong password.  There is nothing logged on the NPS server.

10 REPLIES
akg7
HPE Pro

Re: RADIUS auth on OfficeConnect 1950 switch

Hi,

Is the RADIUS server reachable from the switch?

Can you share the GUI snapshots used to configure the RADIUS scheme?

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

Yes, the RADIUS servers are reachable; the switch is in the same subnet as the rest of my switches, which are working.

[Screenshot: 2020-12-21 13_48_24-JH295A_Security_Authentication_ISP Domains.png]

[Screenshot: 2020-12-21 13_47_50-JH295A_Security_Authentication_RADIUS.png]

The key will not stay whether I put it in the same line as the IP or in the box for shared key underneath each section. I don't know which is the correct place to put the preshared key.

Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

Bueller?

Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

I guess the answer is don't buy these junk switches.

akg7
HPE Pro

Re: RADIUS auth on OfficeConnect 1950 switch

Hello,

Apologies, I missed your post.

The second snapshot which you shared earlier is not clear.

Can you check pg. 165 of the HPE 1950 user manual below:

https://support.hpe.com/hpesc/public/docDisplay?docId=c04657809

 

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

There is no page 165.  Page 65 is about PKI, which I'm not trying to configure at this point.  I'm simply trying to be able to log in to the switch's web interface or SSH using our AD credentials. I have RADIUS working, and I'm doing this on 20+ Aruba switches by simply issuing the following commands:

radius-server host 10.1.1.7 key "asdfasdfasdfasdf"
radius-server host 10.2.1.7 key "asdfasdfasdfasdf"
radius-server timeout 3
radius-server retransmit 1
aaa authentication login privilege-mode
aaa authentication ssh login peap-mschapv2 local
aaa authentication ssh enable peap-mschapv2 local
aaa authentication web login peap-mschapv2 local
aaa authentication web enable peap-mschapv2 local

 

akg7
HPE Pro

Re: RADIUS auth on OfficeConnect 1950 switch

Hello,

I apologize for the typo, the pg no. is 123.

This switch has limitations.

As part of troubleshooting, can you go to Security > Authentication > ISP Domains, select your domain, select all of 'Login', 'LAN Access' & 'Portal', and add the radius1 scheme?

Authenticate all 802.1X users who access the switch through that interface in the ISP domain.

Security > Access Control > 802.1x.

Go to the Advanced settings page for the interface, set the port authorization state to Auto and set the mandatory ISP domain to your ISP domain name.

Hopefully it will help you.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.
Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

Now that link doesn't work.

Anonymous
Not applicable

Re: RADIUS auth on OfficeConnect 1950 switch

I went to Security -> ISP Domains and selected my domain; Login was already checked.  I checked Portal and checked RADIUS and Local in each category.
I'm pretty sure I don't want to select LAN; I haven't said anything about using 802.1x auth for LAN access and I'm not ready to take down the network at this moment.
Nothing changed when logging into the switch.  My domain credentials don't work, and the logs on the 1950 just say Login failed for user: <username>; there is no mention of trying to contact a RADIUS server.
Only the local admin users continue to work.

akg7
HPE Pro

Re: RADIUS auth on OfficeConnect 1950 switch

Hello,

In this case, I request that you log a case with support.

This issue requires support intervention.

Thanks!

Note: While I am an HPE Employee, all of my comments (whether noted or not), are my own and are not any official representation of the company.