Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

GbE2c Radius

 
Highlighted
New Member

GbE2c Radius

I'm Trying to configure radius. I have configured the switches as follows.

radius-server primary-host xxx.xxx.xxx.xxx ekey "Some Secret"
radius-server timeout 10
radius-server enable
no radius-server backdoor
radius-server secure-backdoor


Using wireshark the switch sends access-request packet to the radius server and the radius server responds with an Access-Accept. But the switch logs me out.

What radius server attribute do i need to set to allow access.

Thanks
12 REPLIES 12
Highlighted
Honored Contributor

Re: GbE2c Radius

what radius access are you wanting to achieve?

802.1X or switch authentication for access?

this will help to know which way to answer...

cheers...jeff
Highlighted
New Member

Re: GbE2c Radius

We are trying to achieve radius authentication for switch access.
Highlighted
Honored Contributor

Re: GbE2c Radius

ahh, for switch mgmt access, you need a few more commands:

'aaa authentication radius '

access-method = console, telnet, ssh, web

user-level = login (oper) or enable (mgr)

sec-auth-method = for console, no choice but local, for all other local -or- none

generally you will have 2 of these commands for each access-method/user-level...

refer to this link for more details:
http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-ASG-Jan08-6-RADIUS.pdf

hth...jeff
Highlighted
New Member

Re: GbE2c Radius

HI Jeff,

I tried the commands you suggested but the GbE2c uses a different command set to the procurve range.
Highlighted
Honored Contributor

Re: GbE2c Radius

what is the GbE2c?

i thought some of the radius commands you showed looked a bit different...

sorry can't be of more assistance...

cheers...jeff
Highlighted
New Member

Re: GbE2c Radius

The GbE2c is the blade switch used in a c-class blade enclosure.
Highlighted
New Member

Re: GbE2c Radius

Amy am having the same issue here and was wondering if fix was ever found?

Thanks,
John

I am using Freeradius
Highlighted
New Member

Re: GbE2c Radius

The solution is as below. IF you have any problems please let me know.

To get Radius working on IAS 2003

1. Open IAS Admin Tool
2. Select the correct Remote Policy
3. Set it with the following

Service-Type Administrative

If you wish to allow people access to the switch without the ability to make changes or you will need to manually edit the following file
C:\windows\system32\ias\dnary.mdb
in the Enumerators table at the bottom add the following

HP User Service-Type 255
Highlighted
New Member

Re: GbE2c Radius

Hi!

We're having problems trying to authenticate with Freeradius on Gbe2c and Gbe2p Blade ethernet switches modules.

We have configured different reply attributes on freeradius for Cisco and HP Procurve swithes, but it doesn't work with blade modules.

Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Service-Type = Administrative-User

When we try to authenticate by telnet we get access aceptted on freeradius, but i think the Reply attribute we're using is not correct. Any idea?

Sending Access-Accept of id 160 to 1.2.3.4 port 3010

Service-Type = NAS-Prompt-User
Cisco-AVPair = "shell:priv-lvl=15"
Service-Type = Administrative-User

Finished request 1.

Is there any way to debug radius events on the Gbe2c/Gbe2p modules?

Thanks!