- Community Home
- >
- Networking
- >
- Legacy
- >
- Switching and Routing
- >
- Authetication SSH Switch HPE 5130, 5900 and 11900 ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2021 08:23 AM
тАО06-18-2021 08:23 AM
Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Good morning everybody,
I was able to successfully implement the Microsoft MFA and Microsoft RADIUS implementation for user authentication on the HPE 5130 and 5900 switches, however, I am not able to implement it on my HPE1900 CORE switch.
Below is the configuration for the HPE 5130 and HPE5900 switches:
radius scheme system
primary authentication MY_SERVER_RADIUS
primary accounting MY_SERVER_RADIUS
security-policy-server MY_SERVER_RADIUS
key authentication cipher XXXXXXXXXXXXXXXX
key accounting cipher XXXXXXXXXXXXXXXXXXX
user-name-format without-domain
and
role default-role enable network-admin
I have the same configuration as above on my HPE 11900 switch, however, on the HPE11900 switch there is no command "security-policy-server" command, this was the only difference in the configuration I found between them...
When I try to use MFA on the HPE 11900 Switch I get the message below:
Pre-authentication banner message from server:
Invalid code. ├З
> Contact your administrator to make sure that the time on your mobile device is
> in sync with ADSelfService Plus server and try again.
End of banner message from server
Further authentication required
myuser.admin@IP_SWITCH_CORE's password:
All switches in my network synchronize date and time and they are all the same.
Does anyone know if there is any alternative command, or how I could solve this question?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2021 08:12 PM
тАО06-18-2021 08:12 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Can you please share the product number 'JXXXXX' of HPE 11900 switch and current software version?
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2021 08:40 PM
тАО06-18-2021 08:40 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Yes, software version HPE Comware Software, Version 7.1.070, Release 7576, Release Version: HP FF 11908-V-7576
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-18-2021 08:43 PM
тАО06-18-2021 08:43 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Sorry, this is the model DEVICE_NAME : HPE 11908 V Switch Chassis JG608A
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-19-2021 02:57 PM
тАО06-19-2021 02:57 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Hello,
I believe you need to enable radius session control
Below are the steps:
[Switch] radius session-control enable
.[Switch] radius session-control client ip <security-policy server ip> key simple <key>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-19-2021 07:19 PM
тАО06-19-2021 07:19 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Hi....
I put this command, but i received the same response
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2021 08:13 AM
тАО06-22-2021 08:13 AM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Good mornning,
Today I had support with the MFA team and they told me that the MFA code sent by the switch is incorrect, however, this only happens on the HPE 11900 switch, when I put the CODE using Microsoft Authenticator. But on the HPE 5130 and 5900 switches it is working correctly, does anyone have any ideas?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2021 03:51 AM
тАО06-23-2021 03:51 AM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Hello,
The radius config looks fine which oyu have configured into HPE 11900 switch. This might be a bug in current software but I am unable to trace it. This issue needs remote/LAB intervention.
So request you to please log a case with HPE Support Center portal for further resolution using the link: https://support.hpe.com/hpesc/public/home/
Thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-23-2021 02:20 PM
тАО06-23-2021 02:20 PM
Re: Authetication SSH Switch HPE 5130, 5900 and 11900 with RADIUS and MFA Microsoft
Thank you for your feedback I already opened a call on the link you indicated,