Wired Intelligent Edge

I configured an Aruba switch 3810 for AAA (Tacacs) with Clearpass but having 2 issues:

- Switch is not allowing concurrent SSH conections, only the first connection works then everyone else gets "Connection refused"

- How to disable the "username" prompt when entering "enable" mode? i am able to do this for Cisco switches but not for Aruba OS. I only want to ask user/password on initial conection then once enter enable mode only ask for password to match the previously entered username.

Thanks,

AP

For the double login issue you need to set the following command.

aaa authentication login privilege-mode

ArubaOS isn't restricting SSH to one session.

---

@andresp wrote:

I configured an Aruba switch 3810 for AAA (Tacacs) with Clearpass but having 2 issues:

 

- Switch is not allowing concurrent SSH conections, only the first connection works then everyone else gets "Connection refused"

 

 

---

What do you have on the log ?

you don't have configure session limit ?

I get "Connection closed" when trying to ssh when a user is already conected we get "Connection closed" refused from the switch,it doesnt even make it to CPPM......

3810M-73-249# sho ip ssh

SSH Enabled : Yes Secure Copy Enabled : No
TCP Port Number : 22 Timeout (sec) : 120
Rekey Enabled : No Rekey Time (min) : 60
Rekey Volume (KB) : 1048576
Host Key Type : RSA Host Key/Curve Size : 1024

Ciphers : aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-ctr,
aes192-cbc,aes128-ctr,aes128-cbc,3des-cbc
MACs : hmac-sha1-96,hmac-md5,hmac-sha1,hmac-md5-96

Ses Type | Source IP Port
--- -------- + ---------------------------------------------- -----
1 console |
2 ssh | 10.2.203.100 63166
3 inactive |
4 inactive |
5 inactive |
6 inactive |
7 inactive |

What firmware release ?

Do you are using TACACS or RADIUS ?

Tacacs

Switch Boot ROM Version: KB.16.01.0008

CPPM v 6.7.9

what show version say ?

3810M-73-249# show version

Image stamp: /ws/swbuildm/rel_ukiah_qaoff/code/build/bom(swbuildm_rel_ukiah_qaoff_rel_ukiah)
Jul 21 2017 14:42:33
KB.16.04.0008
442
Boot Image: Primary

Boot ROM Version: KB.16.01.0008
Active Boot ROM: Primary

May be a good idea to upgrade

Greetings!

First, check the number of maximum concurrent sessions currently configured on the switch using the command show console:

switch# show console 

 Console/Serial Link

  Active Console : Serial

  USB Console Input Enabled [Yes] : Yes
  Inbound Telnet Enabled [Yes] : Yes
  Web Agent Enabled [Yes] : No 

  Terminal Type [VT100] : VT100   
  Screen Refresh Interval (sec) [3] : 3 
  Displayed Events [All] : All     
  Baud Rate [speed-sense] : speed-sense
  Flow Control [XON/XOFF] : XON/XOFF
  Global Session Idle Timeout (sec) [0] : 0   
  Serial/USB Console Idle Timeout (sec) [not set/900] : not set
  Current Session Idle Timeout (sec) : 0   
  Maximum Concurrent Sessions Allowed [7] : 7   
  Maximum Concurrent Sessions Allowed Per User [7] : 7   

If you need to change these values, use the commands console max-sessions and console max-user-sessions from the configuration context.

If this does not appear to be causing the issue, I would recommend upgrading the switch to the latest software release (KB.16.08.0003), if possible, and seeing if the issue persists. If it does, I would recommend opening a TAC case (if you haven't already) for a formal investigation.

Console settings eems to be ok, still get "Conection closed" as soon as i try a second ssh conection into the switch

BH-ASE-SunCom-AEdge-3810M-73-249# show console

Console/Serial Link

Active Console : Serial

USB Console Input Enabled [Yes] : Yes
Inbound Telnet Enabled [Yes] : No
Web Agent Enabled [Yes] : Yes

Terminal Type [VT100] : VT100
Screen Refresh Interval (sec) [3] : 3
Displayed Events [All] : All
Baud Rate [speed-sense] : speed-sense
Flow Control [XON/XOFF] : XON/XOFF
Global Session Idle Timeout (sec) [0] : 600
Serial/USB Console Idle Timeout (sec) [not set/900] : 600
Current Session Idle Timeout (sec) : 600
Maximum Concurrent Sessions Allowed [7] : 6
Maximum Concurrent Sessions Allowed Per User [7] : 6