HPE Community
Switches, Hubs, and Modems
1820264 Members
2701 Online
109622 Solutions
New Discussion юеВ

Re: HP2626 & freeradius

 
Jos├й Iba├▒ez
New Member

тАО05-21-2007 06:55 AM

тАО05-21-2007 06:55 AM

HP2626 & freeradius

Hi,

I want to manage the login to my ProCurve Switch 2626 with freeradius. Now I manage the login of my cisco switchs.

I a newbie in hp switch, I've configured only this in switch:


CODE
aaa authentication telnet login radius local
radius-server host 10.0.0.230 key SWMADCOREKEY

and It's work I can login with users of my freeradis server, but when I login I don't get the exec promt (#), I have to execute enable and put the login and pass of local switch.

In my freeradius server I had to add next line to login in my cisco switchs:


CODE
cisco-avpair = "shell:priv-lvl=15"

Should I add something in freeradius configuration to work whit hp switchs ?

Can any body give me a explample of configuracion of hp sw and freeradis ?

Where can I get more information about this subject ?

Thanks in advance.

JI
0 Kudos
4 REPLIES 4
Matt Hobbs
Honored Contributor

тАО05-21-2007 09:16 AM

тАО05-21-2007 09:16 AM

Re: HP2626 & freeradius

You need to enable 'aaa authentication login privilege-mode' - check the Access Security Guide for more information on this feature.
0 Kudos
lrosales
Advisor

тАО05-21-2007 09:22 AM

тАО05-21-2007 09:22 AM

Re: HP2626 & freeradius

i believe you also have to enter the following command.
aaa authentication telnet enable radius local
0 Kudos
lrosales
Advisor

тАО05-21-2007 10:19 AM

тАО05-21-2007 10:19 AM

Re: HP2626 & freeradius

Jose, take a look at page 12 in the following link.
ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-Security-Oct2006-59906052-Chap06.pdf

Matt is correct, however the the section dealing with this command seems to have been omitted from the Access Security Guide in the 2600 series manuals. The link above is from the 3400 series.
0 Kudos
Jos├й Iba├▒ez
New Member

тАО05-22-2007 03:14 AM

тАО05-22-2007 03:14 AM

Re: HP2626 & freeradius

Hi all,

I test the two commands:

aaa authentication telnet enable radius local
aaa authentication login privilege-mode

And I can't login in "enable mode". I execute telnet, I put the user and password and I login in switch in the "login mode",
then I execute enable command, I put same user and password, the switch accepts the login but I dosen't go to "enable modem".
The switch accepts all user/password of radius server but I can get in "enable mode".

Next, I erase the las command 'aaa authentication login privilege-mode' and now I can get in "enable mode",
but I need to execute the "enable" command and to put the user and password again.

Thanks for the help, I can work for a long time with the last configuration.

BR // JI

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.