
Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode

 
C3P0
Occasional Visitor


As title suggests, I log into my J9086A (#R.11.107), which is set up to authenticate against a RADIUS server.

I can see from IAS server logs that the request is denied. To confirm, I ran Wireshark, which also confirms the switch contacts the RADIUS server 3 times, but does not receive a response from it, meaning the access should be denied.

 

I can even see in the switch log that the RADIUS server did not respond:

I 07/25/14 19:45:57 radius: Can't reach RADIUS server x.x.x.x

W 07/25/14 19:45:57 auth: User 'JBloggs' login from y.y.y.y
I 07/25/14 19:45:58 mgr: SME SSH from y.y.y.y - MANAGER Mode

 

Despite not receiving an access granted response, the switch still allows me in, straight through to priv mode.

 

My sanitised aaa config is below.

 

radius-server dead-time 5
radius-server timeout 3
radius-server retransmit 2
radius-server host x.x.x.x key 123456789

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

 

Can anyone see anything wrong with the config?

 

 

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. -HP Forum Moderator

Vince-Whirlwind
Honored Contributor

Re: Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode

It's defaulting to "local" because it isn't receiving a negative response from the Radius server; it's receiving no response at all.

Maybe you have the IP address wrong, or the key wrong. Or maybe you need to specify a different port.
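
Added example, not part of the thread and not HP code: a log check for the situation the reply describes, flagging logins recorded right after a "Can't reach RADIUS server" event, which were therefore not approved by the RADIUS server. The line format is taken from the log excerpt in the question; the function name, the 5-second correlation window and the sample lines (constructed, using documentation addresses) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the format shown in the post (documentation addresses).
SAMPLE_LOG = """\
I 07/25/14 19:45:57 radius: Can't reach RADIUS server 192.0.2.10
W 07/25/14 19:45:57 auth: User 'JBloggs' login from 198.51.100.7
I 07/25/14 19:45:58 mgr: SME SSH from 198.51.100.7 - MANAGER Mode
W 07/25/14 20:10:02 auth: User 'ASmith' login from 198.51.100.8
I 07/25/14 20:10:03 mgr: SME SSH from 198.51.100.8 - MANAGER Mode
"""

LINE = re.compile(r"^([A-Z]) (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\w+): (.*)$")
UNREACHABLE = re.compile(r"Can't reach RADIUS server (\S+)")
LOGIN = re.compile(r"User '([^']+)' login from (\S+)")
SESSION = re.compile(r"SME (\S+) from (\S+) - (\w+) Mode")


def find_fallback_logins(log_text, window_seconds=5):
    """Return logins recorded within window_seconds after a RADIUS timeout (assumed window)."""
    window = timedelta(seconds=window_seconds)
    last_timeout = None  # (timestamp, server) of the most recent unreachable event
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        _, stamp, module, message = m.groups()
        when = datetime.strptime(stamp, "%m/%d/%y %H:%M:%S")
        if module == "radius" and (hit := UNREACHABLE.search(message)):
            last_timeout = (when, hit.group(1))
        elif module == "auth" and (hit := LOGIN.search(message)):
            if last_timeout and timedelta(0) <= when - last_timeout[0] <= window:
                findings.append({"user": hit.group(1), "source": hit.group(2),
                                 "server": last_timeout[1], "time": when, "mode": None})
        elif module == "mgr" and (hit := SESSION.search(message)):
            # Attach the session's privilege level to the pending finding from the same source.
            for f in findings:
                if f["source"] == hit.group(2) and f["mode"] is None and when - f["time"] <= window:
                    f["mode"] = hit.group(3)
    return findings


if __name__ == "__main__":
    for f in find_fallback_logins(SAMPLE_LOG):
        print(f"{f['time']} {f['user']} from {f['source']}: RADIUS {f['server']} "
              f"unreachable, session mode {f['mode']}")
```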