Wired Intelligent Edge

 View Only
last person joined: 16 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication

This thread has been viewed 22 times

  • 1.  ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication

    Posted Jan 10, 2023 03:06 PM
    Hello - I'm trying to implement RADIUS (Duo Auth) for SSH authentication on an ArubaCX 6000 switch. I'm running 10.08.1021 and Duo seems to be responding but the switch isn't responding back properly. Just curious if anyone has successfully set Duo RADIUS on an ArubaCX yet and if so, could you share your experience? Thanks


  • 2.  RE: ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication

    Posted Jan 10, 2023 03:24 PM
    If Duo is seeing the authentication request then you likely have the switch setup correctly.  What is the response that Duo is returning to the switch?  In my setup I have ClearPass in between my switches and Duo but it should work connecting them directly.  My switch config looks like this
    radius-server host x.x.x.x key ciphertext ********* vrf datacenter
aaa authentication login default group radius local
aaa accounting all-mgmt default start-stop group radius

    and ClearPass is returning a response that contains these attributes
    Radius:Aruba:Aruba-Priv-Admin-User	15
Radius:IETF:Service-Type	6​


    I would start by checking the response from Duo to make sure it has the required attributes.


    Original Message


  • 3.  RE: ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication

    Posted Jan 23, 2023 11:25 AM
    Thanks for providing an example.  I haven't been able to get back on to this project yet as other priorities have come up but I will get with Duo support to troubleshoot further.  Thanks
    Original Message


  • 4.  RE: ArubaCX 6000 using RADIUS (Duo Auth for MFA) for SSH authentication

    Posted Jan 27, 2023 09:12 AM
    Capture the packets between switch and radius server to identify the issue

    ------------------------------
    Shobana
    Aruba
    ------------------------------

    Original Message