Wired Intelligent Edge

 View Only
last person joined: 2 days ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Expand all | Collapse all

Avaya 2620-24g (and others)

This thread has been viewed 31 times
  • 1.  Avaya 2620-24g (and others)

    Posted Aug 02, 2024 01:21 PM

    I am unable to log in using GUI but can authenticate SSH fine. This is the case with the 2620, 2920, 2930.

    Any suggestions? We have a mixed aruba managed, aruba standalone environment.



  • 2.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 06:06 AM

    Hi

    can you please elaborate a bit more on what "unable to log in using GUI" exactly means? Is the web GUI showing up or is perhaps the web server disabled? Can you log in but without administrative access or is your user denied login at all? 

    Are you trying with a local account or RADIUS/TACACS remote auth?

    Kindly, share the running configuration of your switch, with focus of RADIUS/TACACSs and/or "aaa" parts, so we can see what is configured and help you identifying the issue you have. 

    Regards, 
    Thomas




  • 3.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 08:16 AM

    I can log in SSH using local manager creds. Radius and aaa are not configured in the config. The web login loads, but will not accept the manager creds. So the web server is not disabled, but the creds are not being relayed to the switch, something like that. 

    hostname "xxxxxxxxxxxx"
    max-vlans 64
    time timezone -300
    time daylight-time-rule Continental-US-and-Canada
    no qos dscp-map 101110
    trunk 26 Trk1 Trunk
    ip default-gateway 10.180.30.1
    vlan 1
       name "Default"
       untagged 25,27-28,Trk1

    etc etc




  • 4.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 08:32 AM

    Okay, that sounds a bit strange. To double check, could you please run the following commands and post the output?

    • show authentication
    • show web-management
    • show version
    • show time
    • show run | in password
    • show run | in aaa

     

    Please sanitize any confidential information but do not remove any entire lines from the output.

     

    Moreover, try a login on the web and have a look at the switch's log:

    • show log -r

    Please post any message that has to do with the login attempt.

     

    Regards,

    Thomas

     

     






  • 5.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 09:47 AM

    show authentication

     Status and Counters - Authentication Information

      Login Attempts : 3
      Respect Privilege : Enabled

                  | Login      Login        Login
      Access Task | Primary    Server Group Secondary
      ----------- + ---------- ------------ ----------
      Console     | Local                   None
      Telnet      | Radius     radius       Local
      Port-Access | Local                   None
      Webui       | Radius     radius       Local
      SSH         | Radius     radius       Local
      Web-Auth    | ChapRadius radius       None
      MAC-Auth    | ChapRadius radius       None
      SNMP        | Local                   None

                  | Enable     Enable       Enable
      Access Task | Primary    Server Group Secondary
      ----------- + ---------- ------------ ----------
      Console     | Local                   None
      Telnet      | Local                   None
      Webui       | Local                   None
      SSH         | Local                   None

     show web-management
    Invalid input:Invalid input: web-management

    Image stamp:    /sw/code/build/xform(RA_15_05)
                    Aug  9 2011 09:08:18
                    RA.15.05.0006
                    44
    Boot Image:     Primary

    sh time
    Tue Jan 16 20:33:16 1990

    show run | in password
    password manager
    password operator

     show run | in aaa
    aaa authentication login privilege-mode
    aaa authentication telnet login radius local
    aaa authentication web login radius local
    aaa authentication ssh login radius local

    W 01/16/90 20:28:41 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:28:36 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:28:23 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:28:18 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:24:59 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:24:54 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:42 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:22:37 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:21 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:22:16 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:00 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:21:55 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:12:58 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:12:53 00419 auth: Invalid user name/password on WEBUI session
    I 01/16/90 20:07:24 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    I 01/16/90 20:07:15 00421 radius: Can't reach RADIUS server 1x.x.x.x
    I 01/16/90 20:06:55 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:05:33 00419 auth: Invalid user name/password on SSH session
    I 01/16/90 20:05:33 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 20:05:13 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:04:19 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 20:04:18 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 20:03:58 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:03:19 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 19:38:16 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:37:56 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 19:31:58 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 19:31:51 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:31:31 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:30:56 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:30:36 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:03:12 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/16/90 19:03:05 00419 auth: Invalid user name/password on SSH session
    I 01/13/90 22:41:23 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/13/90 22:40:44 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:40:27 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:40:00 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:02:05 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:00:22 00419 auth: Invalid user name/password on WEB-UI session
    I 01/13/90 21:58:27 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    I 01/13/90 21:39:20 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/13/90 21:21:56 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 21:21:37 00419 auth: Invalid user name/password on WEB-UI session




  • 6.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:01 AM

    So, you have multiple problems:

    • your time setting is wrong --> 1990. Make sure you set an accurate time and also sync time using NTP
    • you have configured RADIUS login but your RADIUS servers are not reachable. Make sure your RADIUS servers are reachable or switch to local login "aaa authen web login local" and "aaa authen ssh login local". 
    • your software is super old ... on what type of switch did you run the command?

    I hope this helps. 

    Regards, 
    Thomas




  • 7.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:10 AM

    These incorrect settings would impact web authentication (local creds)?




  • 8.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:16 AM

    Well, at least I would correct the aaa settings to use local login if RADIUS is entirely not available. Did you configure RADIUS tracking, so dead RADIUS server are kicked out of the authentication sequence?
    For local login, time is not a problem unless dealing with certificates (not sure whether or not you are using HTTP or HTTPS to access your web server). 




  • 9.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:26 AM

    OK thanks! appreciate the feedback