If Duo is seeing the authentication request then you likely have the switch setup correctly. What is the response that Duo is returning to the switch? In my setup I have ClearPass in between my switches and Duo but it should work connecting them directly. My switch config looks like this
radius-server host x.x.x.x key ciphertext ********* vrf datacenter
aaa authentication login default group radius local
aaa accounting all-mgmt default start-stop group radius
and ClearPass is returning a response that contains these attributes
Radius:Aruba:Aruba-Priv-Admin-User 15
Radius:IETF:Service-Type 6
I would start by checking the response from Duo to make sure it has the required attributes.
Original Message:
Sent: Jan 10, 2023 03:06 PM
From: Wes Wilson
Subject: ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication
Hello - I'm trying to implement RADIUS (Duo Auth) for SSH authentication on an ArubaCX 6000 switch. I'm running 10.08.1021 and Duo seems to be responding but the switch isn't responding back properly. Just curious if anyone has successfully set Duo RADIUS on an ArubaCX yet and if so, could you share your experience? Thanks