Comware

 View Only
  • 1.  Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 13, 2017 05:37 AM

    Hello, I have a pb to configure the switch HP procurve 2610 and 2600 and switch H3C 5130 and A3600 and S3600 on the radius, I can not get different rights on the switch. Either I have admin rights or the login window closes as soon as I have the connection to the switch. Would you have the Radius attributes for these models and the setting of the radius SVP?

    Excuse for my english language.

    My Configuration HP Procurve:

    hostname "ProCurve Switch 2610-24"
    ip default-gateway x.x.x.x
    snmp-server community "public" Unrestricted
    vlan 1
       name "DEFAULT_VLAN"
       untagged 1-28
       ip address x.x.x.x x.x.x.x
       exit
    radius-server host x.x.x.x acct-port 1646 auth-port 1645 key "xxxxxx"
    radius-server key "xxxxxx"
    aaa authentication num-attempts 10
    aaa authentication console enable radius local
    aaa authentication telnet login radius local
    aaa authentication telnet enable radius local
    aaa authentication ssh login radius local
    aaa authentication ssh enable radius local
    aaa authentication port-access eap-radius authorized
    aaa authentication login privilege-mode
    aaa port-access authenticator active
    ip ssh
    no dhcp config-file-update
    password manager
    password operator

     

    Thanks for your help

    Best regards

    Mathieu



  • 2.  RE: Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 13, 2017 06:14 AM

    These attributes work for us.

    For Procurve operator:

    Type                              Name                 Value
    Radius:Hewlett-Packard-Enterprise HPE-Privilege-Level  5
    Radius:IETF                       Service-Type         NAS-Prompt-User (7)


    For Procurve manager:

    Type                                Name                 Value
    Radius:Hewlett-Packard-Enterprise   HPE-Privilege-Level  0
    Radius:IETF                         Service-Type         Administrative-User (6)


    For Comware manager:

    Type           Name           Value
    Radius:Cisco   Cisco-AVPair   shell:roles=network-admin

     



  • 3.  RE: Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 13, 2017 06:39 AM

    Thank you but I did not find Hewlett-Packard-Entreprise, HPE-Privilege-Level and IEFF Service Type: Nas Propt-User in my server NPS.

    I have cisco, vendor specific or other but not hp

     

    Thank you



  • 4.  RE: Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 13, 2017 11:36 AM

    Please,

    I can not configure the H3C switches, I can not find the HP or H3Com attributes in my NPS server

     

    Thanks for your help.

    Mathieu



  • 5.  RE: Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 14, 2017 07:25 AM

    Have a look at this link if you're using NPS (we use Aruba CLearPass):

    https://abouthpnetworking.com/2014/03/16/comware7-radius-based-rbac-user-role-assignment/

     



  • 6.  RE: Problem Radius attibutes HP procurve and H3C Switchs

    Posted Feb 14, 2017 10:16 AM

    Hello,

    This solution works with H3C 5130 models but does not work with H3C 5500 models that must have VSA 010600000003 for administrators, and 010600000001 for operators parameters. It also does not work for models H3C S3600 and H3C A3600.

    thanks