HPE Aruba Networking & ProVision-based
1828242 Members
2403 Online
109975 Solutions
New Discussion

Radius Authentication Problem with 3Com Super Stack 4 Switch (550G-EI 24-Port)

 
3comuser2012
New Member

Radius Authentication Problem with 3Com Super Stack 4 Switch (550G-EI 24-Port)

I am attempting to enable RADIUS Authentication on a 3Com Super Stack 4 Switch and I cannot seem to get the switch to recognize the User Level.

 

On the switch, I have the following configured

 

user-interface vty 0 4

 authentication-mode scheme

 

domain default enable myorg.org

 

domain myorg.org

 

radius scheme myorg-radius

 primary authentication myorg-radius-ip-address

 primary accounting myorg-radius-ip-address

 key authentication myorg-radius-key

 key accounting myorg-radius-key

 user-name-format without-domain

 

authentication login radius-scheme myorg-radius local

accounting radius-scheme myorg-radius

 

We have a Cisco ACS 1121 Firmware 5.2 Patch 8

 

RADIUS VSA

Vendor: US Robotics

Vendor ID: 429

 

US Robotics Radius Dictionary

Attribute: 3Com-User-Access-Level

ID: 1

Type: String

Direction: Both

 

Policy Elements: Authorization Profile

Name: 3Com-Radius

 Radius Attributes (Manually Entered)

 Attribute: 3Com-User-Access-Level

 Type: String

 Value: (I have tried a number of values: 3Com-Administrator, 3Com-Administrator 3, Just the number 3)

 

Once I create the Radius Access Policy calling the Radius Authorization Profile, I am able to log onto the switch; however, the switch lists my account with level 0.

 

I see in the ACS Radius Authentication logs the VSA Value whatever I have set is being passed to the device.

 

I have performed some wireshark captures and I see the Access-Accept from the ACS server to the switch but the switch doesn't recognize the values I am sending.

 

What do you suggest?

 

Thanks in advance.