Security

Reply
New Contributor

Radius, AirWave & Switch Configuration

Hello,

 

I'm currently testing adding our Aruba switches into AirWave for config backups along with the rest of the functionality that comes with such things.

 

When I only have a local account configured for login it all works perfectly fine. When I add radius authentication into the mix, it all seems to break down. I get the following error message;

 

"Configuration Error(Telnet/SSH Error: (pattern match timed-out) in login process)"

 

My radius config looks like this;

 

radius-server host 1.2.3.4 key 1234

radius-server timeout 3
radius-server retransmit 2

aaa authentication login privilege-mode
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication web login radius local
aaa authentication web enable radius
aaa authentication ssh login radius local
aaa authentication ssh enable radius local

 

I set the credentials in the "Manage" section for the device to use the local AD account with the correct password. I can log into the radius enabled device with this account successfully.

 

I looked at the access logs on the switch, and it appears the account is logging in as Operator but isn't using enable to enter Manager. If radius is not enabled, the local account logs straight into Manager (doesn't have to enable).

 

The AirWave page also seems to go white and unresponsive after updating information in the "manage" section under switches.

 

I've done research on the requirements for this; but it doesn't make sense to me that without radius it works and with it, well it doesn't.

 

I've been looking around and haven't found anything that matches the issues I'm facing, hopefully somebody knows what's up here.

 

AirWave 8.2.8.2 

 

Aruba 2930M-48G-PoE+

WC.16.08.0003 (ROM: WC.17.02.0006)

 

Aruba 5412Rzl2

FirmwareKB.16.08.0003 (ROM: KB.16.01.0009)

 

If any further information is required let me know and I'll provide as much as I'm able.

 

 

Frequent Contributor I

Re: Radius, AirWave & Switch Configuration

What kind of attributes do you return from the Radius server? We use the following in ClearPass for manager logins:

 

Radius:Hewlett-Packard-Enterprise	HPE-Privilege-Level	=	0
Radius:IETF				Service-Type		=	Administrative-User (6)
Frequent Contributor II

Re: Radius, AirWave & Switch Configuration

Please make sure the credentials entered in the manage page of the Airwave as manager access or make sure, the user added on Airwave for this switch has a manager role and check if that works?

-If you got what you need with my answer please give kudos and mark it as solution.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: