Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode

C3P0 · ‎07-25-2014

As title suggests, I log into my J9086A (#R.11.107), which is set up to authticate against a RADIUS server.

I can see from IAS server logs that the request is denied. To confirm, I ran Wirehark, which also confirms the switch contacts the RADIUS server 3 times, but does not receive a repsonse from it, meaning the access should be denied.

I can even see in the switch log that the RADIUS server did not respond:

I 07/25/14 19:45:57 radius: Can't reach RADIUS server x.x.x.x

W 07/25/14 19:45:57 auth: User 'JBloggs' login from y.y.y.y
I 07/25/14 19:45:58 mgr: SME SSH from y.y.y.y - MANAGER Mode

Despite not receving an access granted repsonse, the switch still allows me in, straight through to priv mode.

My sanitised aaa config is below.

radius-server dead-time 5
radius-server timeout 3
radius-server retransmit 2
radius-server host x.x.x.x key 123456789

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

Can anyone see anything wrong with the config?

P.S. This thread has been moved from Switches, Hubs, Modems (Legacy ITRC forum) to ProCurve / ProVision-Based. -HP Forum Moderator

Vince-Whirlwind · ‎07-27-2014

It's defaulting to "local" because it isn't receiving a negative response from the Radius server, it's receiving no response at all.

Maybe you have the IP address wrong, or the key wrong. Or maybe you need to specify a different port.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode

Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode

Re: Radius Auth on Procurve 2610 - Server denies request, but access still granted into priv mode