Problem using oobm for aaa w/radius on 6120XG

  • 1.  Problem using oobm for aaa w/radius on 6120XG

    Posted Jul 30, 2011 12:48 AM

    Hi there,

     

    I have a number of 6120XG blade switches for which I'm attempting to configure aaa with RADIUS for authentication. I have these switches set up with no IP address other than the OOBM interface. I've tried configuring aaa with RADIUS according to the docs, but it seems like the messages are never making it to my RADIUS server (Windows 2008 NPS). Here's the config I'm using:

     

    radius-server host 10.7.0.70 key "secretkey" oobm

    aaa authentication ssh login radius local

    aaa authentication ssh enable radius local

     

    I've tailed the NPS log on the Windows server and I never see the request hit the NPS server.  I see this error in the log:

     

    07/30/11 04:39:13 00421 radius: Can't reach RADIUS server 10.7.0.70

     

    Which the docs say is a mismatched key, but I've checked, double-checked, retyped, and checked again, and the keys match. 

     

     

    Here's the full config:

     

    RAD-BS1-A# sh run
    Running configuration:
    ; 516733-B21 Configuration Editor; Created on release #Z.14.26
    hostname "RAD-BS1-A"
    qos dscp-map 111000 priority 7
    qos dscp-map 110000 priority 6
    qos dscp-map 101000 priority 5
    qos dscp-map 100000 priority 4
    qos dscp-map 011000 priority 3
    qos dscp-map 010000 priority 2
    qos dscp-map 001000 priority 1
    qos dscp-map 000000 priority 0
    interface 23
       disable
       lacp Active
    exit
    interface 24
       disable
       lacp Active
    exit
    interface 17
       name "RAD-6509E-2_Te5/2"
    exit
    ip default-gateway 10.7.3.1
    vlan 1
       name "DEFAULT_VLAN"
       untagged 17-24
       no untagged 1-16
       no ip address
       exit
    vlan 2
       name "Server_VLAN"
       untagged 1-2,4-8,10-16
       tagged 3,9,17
       no ip address
       ip igmp high-priority-forward
       exit
    vlan 50
       name "CSM"
       tagged 3,9,17
       no ip address
       exit
    logging 10.7.0.108 oobm
    logging facility local5
    radius-server host 10.7.0.70 key "secretkey" oobm
    timesync sntp
    sntp unicast
    sntp 300
    sntp server priority 1 10.7.0.81 3 oobm
    snmp-server community "SecretCommunity" unrestricted
    aaa authentication ssh login radius local
    aaa authentication ssh enable radius local
    spanning-tree
    spanning-tree config-name "Cisco-HP"
    spanning-tree config-revision 1
    spanning-tree instance 1 vlan 1 2 30 50 66 70 75 80 100-102 999
    spanning-tree instance 2 vlan 20 40
    oobm
       ip address 10.7.3.13 255.255.255.0
       ip default-gateway 10.7.3.1
       exit
    primary-vlan 2
    password manager

    Thanks in advance!


    #6120xg
    #oobm
    #aaa
    #Radius
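
A configuration pre-check for the setup described in the post above, as an added example that is not part of the original thread or any HP tooling: it reads a running-config and lists each RADIUS, syslog or SNTP server whose source side (OOBM or VLAN) has no IP address. The names `audit` and `SAMPLE` are hypothetical, the sample is constructed from the posted configuration, and the script assumes that a server line without the `oobm` keyword is sourced from a VLAN interface.

```python
import re
import textwrap

# Constructed sample modelled on the configuration posted above; the oobm
# keyword has been removed from the sntp line to produce a finding.
SAMPLE = """\
    vlan 2
       name "Server_VLAN"
       no ip address
       exit
    logging 10.7.0.108 oobm
    logging facility local5
    radius-server host 10.7.0.70 key "secretkey" oobm
    sntp server priority 1 10.7.0.81 3
    oobm
       ip address 10.7.3.13 255.255.255.0
       exit
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Only the server-line forms that appear in the posted configuration.
SERVER = re.compile(
    rf"^(radius-server host|logging|sntp server priority \d+) ({IPV4})\b(.*)$")


def audit(config):
    """List servers whose source interface has no IP address configured."""
    has_ip = {"vlan": False, "oobm": False}
    servers, block = [], None
    for raw in textwrap.dedent(config).splitlines():
        line = raw.strip()
        if not line:
            continue
        if raw[0].isspace():              # indented: belongs to current block
            if block and re.match(rf"ip address {IPV4}", line):
                has_ip[block] = True
            continue
        block = "oobm" if line == "oobm" else (
            "vlan" if re.fullmatch(r"vlan \d+", line) else None)
        m = SERVER.match(line)
        if m:
            via = "oobm" if "oobm" in m.group(3).split() else "vlan"
            servers.append((m.group(1).split()[0], m.group(2), via))
    # Assumption: a server line without "oobm" is sourced from a VLAN interface.
    return [s for s in servers if not has_ip[s[2]]]


if __name__ == "__main__":
    for service, address, via in audit(SAMPLE):
        print(f"{service} {address}: no IP address on the {via} side")
```

An empty result means every listed server has an addressed source side, which is the case for the configuration as posted.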


  • 2.  RE: Problem using oobm for aaa w/radius on 6120XG

    Posted Mar 13, 2012 01:46 PM

    Hi,

     

    I have the same problem. I am capturing traffic with a sniffer and I am not seeing the RADIUS request.

     

    Best regards,



  • 3.  RE: Problem using oobm for aaa w/radius on 6120XG

    Posted Mar 13, 2012 01:52 PM

    I should've responded back to this thread, but the fix seemed to be upgrading to the latest firmware for these devices.

     

    Good luck!



  • 4.  RE: Problem using oobm for aaa w/radius on 6120XG

    Posted Mar 20, 2012 11:14 AM

     What firmware version do you have?

     

    Image stamp: /sw/code/build/vern(Z_14_zinfip_t4b)
    Oct 13 2011 13:12:25
    Z.14.29