10-27-2016 10:40 AM
We have ClearPass 6.6.1 running, and I am trying to get admin-level login for our switches.
The first switch I am attempting to get working is a 3Com-branded 4800G running 5.20 Release 2220P07.
What attributes do I need to return?
Previously we have been using IMC to do RADIUS and I did a packet capture to see what it was sending.
3Com-Connect_ID(26): 18268xxx (where xxx so far is a changing number for each connection)
I tried returning service type login, login-service ssh(50), 3com-user-access-level 3Com-administrator, and all I see is "access denied" when I enter my user/password.
I do see in the clearpass monitor that it is accepting my user/password and returning
So my best guess is I need to use a different attribute to log in? Hopefully, someone has done this and has it working.
My switch is configured like this:
radius scheme Clearpass
 server-type standard
 primary authentication x.x.x.x
 primary accounting x.x.x.x
 key authentication xxxxxxx
 key accounting xxxxxxxx
 user-name-format without-domain
domain radius
 authentication login radius-scheme Clearpass local
 accounting login radius-scheme Clearpass local
 authorization login radius-scheme clearpass local
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
10-27-2016 12:50 PM - edited 10-27-2016 01:31 PM
To provide further detail: I see my packets from ClearPass coming in as "Access-Reject" where I would see "Access-Accept" from IMC. Not sure why it is transmitting as a reject.
This is actually not true. I didn't realize I got several Access-Accepts from ClearPass earlier in the same "conversation". I am not a smart man.
I forgot to add "domain default enable Clearpass" to my config; I had it set to another test. And server-type should be extended.