We have ClearPass 6.6.1 running, and I am trying to get admin-level login for our switches.
The first switch I am attempting to get working is a 3Com-branded 4800G running 5.20 Release 2220P07.
What attributes do I need to return?
Previously we have been using IMC to do RADIUS and I did a packet capture to see what it was sending.
I see:
Service-Type(6): Login(1)
Login-Service(15): Unknown(50)
3Com-User-Access-Level(1): 3Com-Administrator(3)
3Com-Connect_ID(26): 18268xxx (where xxx so far is a changing number for each connection)
I tried returning Service-Type Login, Login-Service SSH(50), and 3Com-User-Access-Level 3Com-Administrator,
and all I see is "access denied" when I enter my user/password.
I do see in the ClearPass monitor that it is accepting my user/password and returning:
Radius:3com:3Com-User-Access-Level | 3 |
Radius:IETF:Login-Service | 50 |
Radius:IETF:Service-Type | 1 |
So my best guess is I need to use a different attribute to log in? Hopefully, someone has done this and has it working.
My switch is configured like this:
radius scheme Clearpass
server-type standard
primary authentication x.x.x.x
primary accounting x.x.x.x
key authentication xxxxxxx
key accounting xxxxxxxx
user-name-format without-domain
domain radius
authentication login radius-scheme Clearpass local
accounting login radius-scheme Clearpass local
authorization login radius-scheme clearpass local
access-limit disable
state active
idle-cut disable
self-service-url disable
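
Added example, not part of the original post: a small Python decoder for the attribute section of a RADIUS reply that unpacks vendor-specific attributes and lists what a reference reply (IMC) carries that a second reply (ClearPass) does not. The reply bytes are constructed from the attribute lists above; the 4-byte integer encoding of the 3Com attributes and the zero Connect_ID value are assumptions, and 43 is 3Com's IANA enterprise number.

```python
VENDOR_3COM = 43  # 3Com's IANA enterprise number

def attr(t, value):
    """Encode one type/length/value attribute (length covers the 2-byte header)."""
    return bytes([t, len(value) + 2]) + value

def vsa(vendor, t, value):
    """Wrap a vendor sub-attribute in an IETF Vendor-Specific (26) attribute."""
    return attr(26, vendor.to_bytes(4, "big") + attr(t, value))

def u32(n):
    return n.to_bytes(4, "big")

def tlvs(data):
    """Walk a TLV sequence, rejecting truncated or inconsistent lengths."""
    i = 0
    while i < len(data):
        if len(data) - i < 2:
            raise ValueError("truncated attribute header")
        t, length = data[i], data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad attribute length")
        yield t, data[i + 2:i + length]
        i += length

def parse_attrs(data):
    """Return {(vendor, type): value}; vendor 0 means an IETF attribute."""
    out = {}
    for t, v in tlvs(data):
        if t == 26 and len(v) >= 4:
            vendor = int.from_bytes(v[:4], "big")
            # Sub-attributes are not recursed into: 3Com-Connect_ID is vendor
            # type 26 and must not be mistaken for a nested IETF VSA.
            for st, sv in tlvs(v[4:]):
                out[(vendor, st)] = sv
        else:
            out[(0, t)] = v
    return out

def diff_replies(ref, new):
    """Keys missing from new, keys only in new, and keys whose values differ."""
    r, n = parse_attrs(ref), parse_attrs(new)
    return (sorted(k for k in r if k not in n),
            sorted(k for k in n if k not in r),
            sorted(k for k in r if k in n and r[k] != n[k]))

# Constructed samples. Connect_ID is a placeholder 0; the capture shows a per-connection value.
COMMON = attr(6, u32(1)) + attr(15, u32(50)) + vsa(VENDOR_3COM, 1, u32(3))
IMC_REPLY = COMMON + vsa(VENDOR_3COM, 26, u32(0))
CLEARPASS_REPLY = COMMON
```

Calling `diff_replies(IMC_REPLY, CLEARPASS_REPLY)` reports only which attributes differ between the two replies; it does not establish which of them the switch requires.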