Problem Radius attibutes HP procurve and H3C Switchs

Candema1 · ‎02-13-2017

Hello, I have a pb to configure the switch HP procurve 2610 and 2600 and switch H3C 5130 and A3600 and S3600 on the radius, I can not get different rights on the switch. Either I have admin rights or the login window closes as soon as I have the connection to the switch. Would you have the Radius attributes for these models and the setting of the radius SVP?

Excuse for my english language.

My Configuration HP Procurve:

hostname "ProCurve Switch 2610-24"
ip default-gateway x.x.x.x
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-28
   ip address x.x.x.x x.x.x.x
   exit
radius-server host x.x.x.x acct-port 1646 auth-port 1645 key "xxxxxx"
radius-server key "xxxxxx"
aaa authentication num-attempts 10
aaa authentication console enable radius local
aaa authentication telnet login radius local
aaa authentication telnet enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication port-access eap-radius authorized
aaa authentication login privilege-mode
aaa port-access authenticator active
ip ssh
no dhcp config-file-update
password manager
password operator

Thanks for your help

Best regards

Mathieu

TerjeAFK · ‎02-13-2017

These attributes work for us.

For Procurve operator:

Type                             Name                 Value
Radius:Hewlett-Packard-Enterprise HPE-Privilege-Level  5
Radius:IETF                       Service-Type         NAS-Prompt-User (7)

For Procurve manager:

Type                                Name                Value
Radius:Hewlett-Packard-Enterprise   HPE-Privilege-Level  0
Radius:IETF                         Service-Type         Administrative-User (6)

For Comware manager:

Type Name Value
Radius:Cisco Cisco-AVPair shell:roles=network-admin

Candema1 · ‎02-13-2017

Thank you but I did not find Hewlett-Packard-Entreprise, HPE-Privilege-Level and IEFF Service Type: Nas Propt-User in my server NPS.

I have cisco, vendor specific or other but not hp

Thank you

Candema1 · ‎02-13-2017

Please,

I can not configure the H3C switches, I can not find the HP or H3Com attributes in my NPS server

Thanks for your help.

Mathieu

TerjeAFK · ‎02-14-2017

Have a look at this link if you're using NPS (we use Aruba CLearPass):

https://abouthpnetworking.com/2014/03/16/comware7-radius-based-rbac-user-role-assignment/

Candema1 · ‎02-14-2017

Hello,

This solution works with H3C 5130 models but does not work with H3C 5500 models that must have VSA 010600000003 for administrators, and 010600000001 for operators parameters. It also does not work for models H3C S3600 and H3C A3600.

thanks

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Problem Radius attibutes HP procurve and H3C Switchs

Problem Radius attibutes HP procurve and H3C Switchs

Re: Problem Radius attibutes HP procurve and H3C Switchs

Re: Problem Radius attibutes HP procurve and H3C Switchs

Re: Problem Radius attibutes HP procurve and H3C Switchs

Re: Problem Radius attibutes HP procurve and H3C Switchs

Re: Problem Radius attibutes HP procurve and H3C Switchs