Wired Intelligent Edge


Avaya 2620-24g (and others)

  • 1.  Avaya 2620-24g (and others)

    Posted Aug 02, 2024 01:21 PM

    I am unable to log in using GUI but can authenticate SSH fine. This is the case with the 2620, 2920, 2930.

    Any suggestions? We have a mixed Aruba managed, Aruba standalone environment.



  • 2.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 06:06 AM

    Hi

    Can you please elaborate a bit more on what "unable to log in using GUI" exactly means? Is the web GUI showing up or is perhaps the web server disabled? Can you log in but without administrative access or is your user denied login at all?

    Are you trying with a local account or RADIUS/TACACS remote auth?

    Kindly share the running configuration of your switch, with a focus on the RADIUS/TACACS and/or "aaa" parts, so we can see what is configured and help you identify the issue you have.

    Regards, 
    Thomas




  • 3.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 08:16 AM

    I can log in SSH using local manager creds. Radius and aaa are not configured in the config. The web login loads, but will not accept the manager creds. So the web server is not disabled, but the creds are not being relayed to the switch, something like that. 

    hostname "xxxxxxxxxxxx"
    max-vlans 64
    time timezone -300
    time daylight-time-rule Continental-US-and-Canada
    no qos dscp-map 101110
    trunk 26 Trk1 Trunk
    ip default-gateway 10.180.30.1
    vlan 1
       name "Default"
       untagged 25,27-28,Trk1

    etc etc




  • 4.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 08:32 AM

    Okay, that sounds a bit strange. To double check, could you please run the following commands and post the output?

    • show authentication
    • show web-management
    • show version
    • show time
    • show run | in password
    • show run | in aaa

     

    Please sanitize any confidential information but do not remove any entire lines from the output.

     

    Moreover, try a login on the web and have a look at the switch's log:

    • show log -r

    Please post any message that has to do with the login attempt.

     

    Regards,

    Thomas

     

     






  • 5.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 09:47 AM

    show authentication

     Status and Counters - Authentication Information

      Login Attempts : 3
      Respect Privilege : Enabled

                  | Login      Login        Login
      Access Task | Primary    Server Group Secondary
      ----------- + ---------- ------------ ----------
      Console     | Local                   None
      Telnet      | Radius     radius       Local
      Port-Access | Local                   None
      Webui       | Radius     radius       Local
      SSH         | Radius     radius       Local
      Web-Auth    | ChapRadius radius       None
      MAC-Auth    | ChapRadius radius       None
      SNMP        | Local                   None

                  | Enable     Enable       Enable
      Access Task | Primary    Server Group Secondary
      ----------- + ---------- ------------ ----------
      Console     | Local                   None
      Telnet      | Local                   None
      Webui       | Local                   None
      SSH         | Local                   None

     show web-management
    Invalid input:Invalid input: web-management

    Image stamp:    /sw/code/build/xform(RA_15_05)
                    Aug  9 2011 09:08:18
                    RA.15.05.0006
                    44
    Boot Image:     Primary

    sh time
    Tue Jan 16 20:33:16 1990

    show run | in password
    password manager
    password operator

     show run | in aaa
    aaa authentication login privilege-mode
    aaa authentication telnet login radius local
    aaa authentication web login radius local
    aaa authentication ssh login radius local

    W 01/16/90 20:28:41 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:28:36 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:28:23 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:28:18 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:24:59 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:24:54 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:42 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:22:37 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:21 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:22:16 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:22:00 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:21:55 00419 auth: Invalid user name/password on WEBUI session
    W 01/16/90 20:12:58 00419 auth: Invalid user name/password on WEB-UI session
    W 01/16/90 20:12:53 00419 auth: Invalid user name/password on WEBUI session
    I 01/16/90 20:07:24 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    I 01/16/90 20:07:15 00421 radius: Can't reach RADIUS server 1x.x.x.x
    I 01/16/90 20:06:55 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:05:33 00419 auth: Invalid user name/password on SSH session
    I 01/16/90 20:05:33 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 20:05:13 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:04:19 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 20:04:18 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 20:03:58 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 20:03:19 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 19:38:16 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:37:56 00421 radius: Can't reach RADIUS server x.x.x.x
    W 01/16/90 19:31:58 00419 auth: Invalid user name/password on WEB-UI session
    I 01/16/90 19:31:51 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:31:31 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:30:56 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:30:36 00421 radius: Can't reach RADIUS server x.x.x.x
    I 01/16/90 19:03:12 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/16/90 19:03:05 00419 auth: Invalid user name/password on SSH session
    I 01/13/90 22:41:23 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/13/90 22:40:44 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:40:27 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:40:00 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:02:05 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 22:00:22 00419 auth: Invalid user name/password on WEB-UI session
    I 01/13/90 21:58:27 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    I 01/13/90 21:39:20 00179 mgr: SME SSH from x.x.x.x - MANAGER Mode
    W 01/13/90 21:21:56 00419 auth: Invalid user name/password on WEB-UI session
    W 01/13/90 21:21:37 00419 auth: Invalid user name/password on WEB-UI session




  • 6.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:01 AM

    So, you have multiple problems:

    • your time setting is wrong --> 1990. Make sure you set an accurate time and also sync time using NTP
    • you have configured RADIUS login but your RADIUS servers are not reachable. Make sure your RADIUS servers are reachable or switch to local login "aaa authen web login local" and "aaa authen ssh login local". 
    • your software is super old ... on what type of switch did you run the command?

    I hope this helps. 

    Regards, 
    Thomas
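
The correlation behind the diagnosis above, as an added example that is not part of the original posts: it reads `show log -r` output and marks each 00419 login failure by whether a 00421 "Can't reach RADIUS server" event was logged shortly before it. The sample log is constructed in the thread's format, and the function names and the 30-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the format of the `show log -r` output posted in this
# thread (newest first); the addresses are documentation placeholders.
SAMPLE_LOG = """\
W 01/16/90 20:12:58 00419 auth: Invalid user name/password on WEB-UI session
W 01/16/90 20:12:53 00419 auth: Invalid user name/password on WEBUI session
I 01/16/90 20:07:24 00179 mgr: SME SSH from 192.0.2.50 - MANAGER Mode
I 01/16/90 20:07:15 00421 radius: Can't reach RADIUS server 192.0.2.10
W 01/16/90 20:05:33 00419 auth: Invalid user name/password on SSH session
I 01/16/90 20:05:33 00421 radius: Can't reach RADIUS server 192.0.2.10
I 01/16/90 20:05:13 00421 radius: Can't reach RADIUS server 192.0.2.10
W 01/16/90 20:04:19 00419 auth: Invalid user name/password on WEB-UI session
I 01/16/90 20:04:18 00421 radius: Can't reach RADIUS server 192.0.2.10
"""

LINE = re.compile(r"^\s*([A-Z]) (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) (\d{5}) (\w+): (.*)$")
FAIL = re.compile(r"Invalid user name/password on (\S+) session")

def parse(log_text):
    """Return (timestamp, event_id, message) tuples, oldest first."""
    events = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(m.group(2), "%m/%d/%y %H:%M:%S")
            events.append((ts, m.group(3), m.group(5)))
    return sorted(events, key=lambda e: e[0])

def classify_failures(log_text, window_s=30):
    """For each 00419 login failure, report whether a 00421 'Can't reach
    RADIUS server' event was logged in the preceding window_s seconds."""
    events = parse(log_text)
    radius_down = [ts for ts, eid, _ in events if eid == "00421"]
    window = timedelta(seconds=window_s)  # assumed correlation window
    out = []
    for ts, eid, msg in events:
        m = FAIL.search(msg) if eid == "00419" else None
        if m:
            session = m.group(1).replace("-", "").upper()  # WEB-UI == WEBUI
            near = any(timedelta(0) <= ts - r <= window for r in radius_down)
            out.append((ts.strftime("%H:%M:%S"), session, near))
    return out

if __name__ == "__main__":
    for row in classify_failures(SAMPLE_LOG):
        print(row)
```

Failures flagged `True` line up with a RADIUS timeout in the log; failures flagged `False` occurred with no timeout logged in the window and need to be looked at separately.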




  • 7.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:10 AM

    These incorrect settings would impact web authentication (local creds)?




  • 8.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:16 AM

    Well, at least I would correct the aaa settings to use local login if RADIUS is entirely not available. Did you configure RADIUS tracking, so dead RADIUS servers are kicked out of the authentication sequence?
    For local login, time is not a problem unless dealing with certificates (not sure whether or not you are using HTTP or HTTPS to access your web server). 




  • 9.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 10:26 AM

    OK thanks! appreciate the feedback




  • 10.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 11:08 AM

    No worries. Let us know whether it worked. 




  • 11.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 11:18 AM

    So, interestingly when I configured Radius Auth it resolved the web GUI issue. Now I can authenticate and update firmware via browser, which was the intended goal. 




  • 12.  RE: Avaya 2620-24g (and others)

    Posted Aug 05, 2024 08:49 AM

    If these are Aruba/HP/HPE/Provision switches (2920/2930), then you need to configure management credentials for ssh and web individually. This is my config (using RADIUS):

    aaa authentication login privilege-mode
    aaa authentication web login radius server-group "CPPM" local
    aaa authentication web enable radius server-group "CPPM" local
    aaa authentication ssh login radius server-group "CPPM" local
    

    The login privilege-mode may be needed to bypass the enable prompt.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------