You need to make sure that the switch could reach the RADIUS server from the specified VLAN. Do you have multiple IP interfaces on the switch? If yes, is routing configured correctly in the network?
Original Message:
Sent: Feb 24, 2023 01:07 AM
From: manly009
Subject: AAA Authen Radius remote management ip source-interface radius vlan 10
Hi Aruba WB,
I used:
radius-server host 10.0.0.221 key "key"
radius-server host 10.0.0.221 dyn-authorization
radius-server host 10.0.0.221 time-window 3000
ip source-interface radius vlan 200
aaa authentication num-attempts 2
aaa authentication login privilege-mode
aaa authentication web login peap-mschapv2 local
aaa authentication web enable peap-mschapv2 local
aaa authentication ssh login peap-mschapv2 local
aaa authentication ssh enable peap-mschapv2 local
VLAN 200: management VLAN, switch virtual interface
VLAN 10: server VLAN where the RADIUS server is / RADIUS server is a different box with DC server.
For some reason, web UI cannot authenticate with Radius server:
I got this error:
W 02/24/23 17:15:44 00419 auth: AM1: Invalid user name/password on WEB-UI
session User 'unknown' is trying to login from dektop
W 02/24/23 17:15:10 00419 auth: AM1: Invalid user name/password on WEB-UI
session User 'unknown' is trying to login from desktop
I 02/24/23 17:15:05 00421 radius: AM1: Can't reach RADIUS server 10.0.0.221
RADIUS server and lab switch are all working fine, but switch and server are within the same VLAN.
Any idea why?
ML
Original Message:
Sent: Feb 23, 2023 06:14 AM
From: Aruba WB
Subject: AAA Authen Radius remote management ip source-interface radius vlan 10
Do you have multiple IP interfaces on the switch?
The switch will automatically select the IP interface of the outbound interface by default to reach the RADIUS servers. If you need to change this you need to use the ip source command.
Regarding the wrong credentials: is the RADIUS server sending a deny or is it just dropping the authentication request?
------------------------------
William Bargeman
Systems Engineer Aruba
Original Message:
Sent: Feb 23, 2023 12:02 AM
From: manly009
Subject: AAA Authen Radius remote management ip source-interface radius vlan 10
Dear Friends,
My last question: I used this command
ip source-interface radius vlan 10
vlan 10
name "management"
untagged 3-10
tagged 13
ip address 192.168.0.254 255.255.255.0
exit
in my lab, so RADIUS remote management is working with the switch management interface 192.168.0.254. Also, the RADIUS server is 192.168.0.55, which is in the same VLAN scope as the switch management interface.
However, if I do not use this command, RADIUS management won't be working. So what if the RADIUS server is in a different scope, for example VLAN 80? Should I go: ip source-interface radius vlan 80?
Also how can I monitor logs of who logged in the switches? External SNMP server?
Thanks
ML
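Added example, not part of the thread and not Aruba's own tooling: a small Python parser for the event-log excerpt posted above that separates failed logins preceded by a "Can't reach RADIUS server" event from those with no timeout logged, which is the deny-versus-no-response question raised in the replies. The 60-second correlation window, the function names and the 17:30:00 log entry are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# The 17:30:00 entry is constructed for illustration; the other lines are the
# excerpt posted in the thread (newest first, wrapped lines kept as posted).
SAMPLE_LOG = """\
W 02/24/23 17:30:00 00419 auth: AM1: Invalid user name/password on WEB-UI
W 02/24/23 17:15:44 00419 auth: AM1: Invalid user name/password on WEB-UI
session User 'unknown' is trying to login from dektop
W 02/24/23 17:15:10 00419 auth: AM1: Invalid user name/password on WEB-UI
session User 'unknown' is trying to login from desktop
I 02/24/23 17:15:05 00421 radius: AM1: Can't reach RADIUS server 10.0.0.221
"""

ENTRY = re.compile(r"^[A-Z] (?P<ts>\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \d{5} "
                   r"(?P<subsys>\w+): (?P<msg>.*)$")
UNREACHABLE = re.compile(r"Can't reach RADIUS server (\S+)")
WINDOW = timedelta(seconds=60)  # assumption: how long a timeout explains a failure


def parse_entries(text):
    """Return log entries oldest first, re-joining wrapped continuation lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append({"time": datetime.strptime(m["ts"], "%m/%d/%y %H:%M:%S"),
                            "subsys": m["subsys"], "msg": m["msg"]})
        elif entries and line.strip():
            entries[-1]["msg"] += " " + line.strip()
    return sorted(entries, key=lambda e: e["time"])


def classify_failures(text):
    """Label each failed login: preceded by a RADIUS timeout, or not."""
    results, last_timeout = [], None
    for e in parse_entries(text):
        hit = UNREACHABLE.search(e["msg"])
        if e["subsys"] == "radius" and hit:
            last_timeout = (e["time"], hit.group(1))
        elif e["subsys"] == "auth" and "Invalid user name/password" in e["msg"]:
            if last_timeout and e["time"] - last_timeout[0] <= WINDOW:
                results.append((e["time"].strftime("%H:%M:%S"),
                                "radius_unreachable", last_timeout[1]))
            else:
                results.append((e["time"].strftime("%H:%M:%S"),
                                "no_timeout_logged", None))
    return results
```

Calling classify_failures(SAMPLE_LOG) marks both failures from the thread as following the timeout to 10.0.0.221, so they point at reachability from the source VLAN rather than at the credentials themselves.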