
ArubaOS-CX Radius authentication

  • 1.  ArubaOS-CX Radius authentication

    Posted Feb 22, 2019 09:12 AM

    Hello,

    I'm trying to configure RADIUS authentication for management access on ArubaOS-CX switches with ClearPass.

    I've set up the switch as follows:

    radius-server host 10.13.111.19 vrf default
    aaa group server radius clearpass
    server 10.13.111.19 vrf default
    
    radius-server key plaintext mypasskey123
    radius-server auth-type chap
    aaa authentication allow-fail-through
    
    aaa authentication login default group clearpass local
    aaa authentication allow-fail-through
    aaa accounting all default start-stop group clearpass

    This works but for every login attempt I get one Accept and two Reject messages.

    (screenshot: reject.jpg)

    The reject attempts appear even before I supply my password.

    (screenshot: login.png)

    Does anyone know why this is happening and how to solve this?

    I'm currently using ArubaOS-CX Version TL.10.02.0001

    With kind regards,

    Rens



  • 2.  RE: ArubaOS-CX Radius authentication

    EMPLOYEE
    Posted Feb 22, 2019 03:20 PM
    Just curious, why aren’t you using TACACS+? It’s designed for management/admin AAA.


  • 3.  RE: ArubaOS-CX Radius authentication

    Posted Feb 23, 2019 04:50 AM

    Hello Tim,

    TACACS was the first thing I tried. But unfortunately I can't even get close to getting that one working. Please see my other post.

    ArubaOS-CX-Tacacs-authentication

    Regards,

    Rens



  • 4.  RE: ArubaOS-CX Radius authentication

    MVP GURU
    Posted Feb 23, 2019 01:00 PM

    I get the same issue... (because a customer prefers to use RADIUS and not TACACS...), and I have opened multiple cases with TAC (for ArubaCX and ClearPass...)

    and it comes from ArubaCX trying to discover the cipher available on the RADIUS server (a feature of OpenSSH...)

    To avoid "latency" on ClearPass, you can modify a setting (I don't remember the name...)