Wired

 View Only
last person joined: 23 hours ago 

Expand all | Collapse all

RADIUS Authentication/Authorization

This thread has been viewed 23 times
  • 1.  RADIUS Authentication/Authorization

    Posted Feb 28, 2022 10:27 PM
    I am researching using VSAs but I need to setup RADIUS first before I can start testing this feature. Is it required to have Clearpass for this?

    I cannot seem to get the switch to authenticate with the NPS at all. 

    Here are the following commands I entered into the CLI of the 2540:
    radius-server host....
    aaa authentication login privilege-mode
    aaa authentication web enable radius local
    wr mem

    When I access the Web GUI in the browser it does not accept any of my domain user account logins. Any suggestions? I have read the Aruba Security Guide for ArubaOS but they do not go into great detail on how to get this configured. Very cryptic language if you ask me but I am not a network guru.

    Thanks.

    ------------------------------
    Anthony Berger
    ------------------------------


  • 2.  RE: RADIUS Authentication/Authorization

    EMPLOYEE
    Posted Mar 01, 2022 02:48 AM
    Hello, 

    Did you test without "aaa authentication login privilege-mode"?
    When you have this line in the configuration the switch expects to receive an Access Accept with the RADIUS attribute Service-Type and value 6 (manager) or 7 (operator).

    While this option is enabled, a Service-Type value other than 6 or 7, or an unconfigured (null) Service-Type causes the switch to deny access to the requesting client.


    So if your NPS is not configured to return this values please disable this option "no aaa authentication login privilege-mode"

    More details about this command can be found here

    https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s04.html

    ------------------------------
    Emil Gogushev
    ------------------------------



  • 3.  RE: RADIUS Authentication/Authorization

    Posted Mar 01, 2022 07:42 PM
    Emil,

    I have read that document already but it is not specific on what to enter in the NPS for it to authenticate user access to the switch either via SSH or Web.

    ------------------------------
    Anthony Berger
    ------------------------------



  • 4.  RE: RADIUS Authentication/Authorization

    Posted Mar 01, 2022 08:07 PM
    Have to admin this is ridiculous that I cannot setup RADIUS authentication on a switch with NPS out of the box. No documentation on what to do on the NPS side of things. This was not difficult to do with Cisco but not everyone has the budget for that caddy. I guess you get what you pay for in the end....

    I even found this tidbit hoping it would help but its for Aruba's controller and didnt work even trying to perform similar steps on the NPS...

    https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=10129

    ------------------------------
    Anthony Berger
    ------------------------------