HPE Community
HPE Aruba Networking & ProVision-based
1828242 Members
2403 Online
109975 Solutions
New Discussion

Radius Authentication Problem with 3Com Super Stack 4 Switch (550G-EI 24-Port)

 
3comuser2012
New Member

‎03-02-2012 02:51 PM

‎03-02-2012 02:51 PM

Radius Authentication Problem with 3Com Super Stack 4 Switch (550G-EI 24-Port)

I am attempting to enable RADIUS Authentication on a 3Com Super Stack 4 Switch and I cannot seem to get the switch to recognize the User Level.

 

On the switch, I have the following configured

 

user-interface vty 0 4

 authentication-mode scheme

 

domain default enable myorg.org

 

domain myorg.org

 

radius scheme myorg-radius

 primary authentication myorg-radius-ip-address

 primary accounting myorg-radius-ip-address

 key authentication myorg-radius-key

 key accounting myorg-radius-key

 user-name-format without-domain

 

authentication login radius-scheme myorg-radius local

accounting radius-scheme myorg-radius

 

We have a Cisco ACS 1121 Firmware 5.2 Patch 8

 

RADIUS VSA

Vendor: US Robotics

Vendor ID: 429

 

US Robotics Radius Dictionary

Attribute: 3Com-User-Access-Level

ID: 1

Type: String

Direction: Both

 

Policy Elements: Authorization Profile

Name: 3Com-Radius

 Radius Attributes (Manually Entered)

 Attribute: 3Com-User-Access-Level

 Type: String

 Value: (I have tried a number of values: 3Com-Administrator, 3Com-Administrator 3, Just the number 3)

 

Once I create the Radius Access Policy calling the Radius Authorization Profile, I am able to log onto the switch; however, the switch lists my account with level 0.

 

I see in the ACS Radius Authentication logs the VSA Value whatever I have set is being passed to the device.

 

I have performed some wireshark captures and I see the Access-Accept from the ACS server to the switch but the switch doesn't recognize the values I am sending.

 

What do you suggest?

 

Thanks in advance.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.