Hi All,
I am new to HP devices but have been thrown in the deep end with a new role that has mainly HP equipment installed.
I am looking to set up RADIUS authentication for the 5700 FlexFabric running Software Version 7.1.045. My RADIUS server is Windows NPS.
I have attached some snapshots of my RADIUS configuration. Note that for the Network Policy Vendor Attribute I have tried the following:
- shell:allowed-roles="level-15"
- shell:allowed-roles="network-admin"
- shell:roles="level-15"
- shell:roles="network-admin"
- alowed-roles="level-15"
- allowed-roles="network-admin"
- roles="level-15"
- roles="network-admin"
Configuration Snapshot:
#
line class aux
 user-role network-admin
#
line class vty
 user-role network-operator
#
line aux 0 1
 user-role network-admin
#
line vty 0 63
 authentication-mode scheme
 user-role network-operator
#
radius scheme radius
 primary authentication <withheld> key cipher <withheld>
 primary accounting <withheld> key cipher <withheld>
 user-name-format without-domain
#
domain radius
 authentication login radius-scheme radius local
 accounting login radius-scheme radius local
#
domain system
#
domain default enable radius
#
role default-role enable
#
user-group system
#
local-user administrator class manage
 password hash <withheld>
 service-type ssh telnet http https
 authorization-attribute user-role level-15
 authorization-attribute user-role network-operator
#
With this configuration, when captured with Wireshark, I can see that an Access-Accept is sent back to the switch, but the connection is immediately dropped by the switch. I am assuming that is because no privilege level has been provided, but I am unsure.
Under the domain radius, I have tried adding authorization default none; this allows me to connect, but with practically no privilege level except for a few display commands.
Any assistance with this would be greatly appreciated. I have looked over the configuration guide again and again, but seem to be getting nowhere.
Thanks,
Steven