Hi All,
We are doing a hardware refresh for a customer wherein we are replacing old HP switches with AOS-CX 6100 switches, version 10.10.1040.
Could somebody help with configuring AAA commands equivalent to what the customer currently has on the HP switches?
The AAA commands in use on the HP switches are below; I need your help with the equivalent commands to configure the same features.
########################################################
radius-server host 10.20.20.87 key ***
radius-server host 10.20.20.87 dyn-authorization
radius-server host 10.20.20.87 time-window 0
radius-server host 10.40.20.87 key ***
radius-server host 10.40.20.87 dyn-authorization
radius-server host 10.40.20.87 time-window 0
radius-server host 10.20.20.87 dyn-authorization
radius-server host 10.20.20.87 time-window 0
radius-server host 10.40.20.87 dyn-authorization
radius-server host 10.40.20.87 time-window 0
aaa server-group radius "RADGRP" host 10.20.20.87
aaa server-group radius "RADGRP" host 10.40.20.87
aaa accounting update periodic 5
aaa accounting network start-stop radius server-group "RADGRP"
aaa authentication login privilege-mode
aaa authentication web login radius server-group "RADGRP" local
aaa authentication web enable radius server-group "RADGRP" local
aaa authentication ssh login radius server-group "RADGRP" local
aaa authentication ssh enable radius server-group "RADGRP" local
aaa authentication port-access eap-radius server-group "RADGRP"
aaa authentication mac-based chap-radius server-group "RADGRP"
aaa port-access authenticator active
aaa port-access authenticator 1-2
aaa port-access authenticator 1 tx-period 10
aaa port-access authenticator 1 supplicant-timeout 10
aaa port-access authenticator 1 client-limit 2
aaa port-access authenticator 2 tx-period 10
aaa port-access authenticator 2 supplicant-timeout 10
aaa port-access authenticator 2 client-limit 2
aaa port-access mac-based 3
aaa port-access mac-based 3 logoff-period 9999999
aaa port-access 3 controlled-direction in
aaa authentication port-access eap-radius server-group "RADGRP"
aaa authentication mac-based chap-radius server-group "RADGRP"
##################################################
I have currently figured out the commands below for AOS-CX, but would like somebody to help verify that they serve the purpose.
radius-server host 10.20.20.87 key ciphertext ***
radius-server host 10.40.20.87 key ciphertext ***
aaa authentication allow-fail-through
!
aaa group server radius RADGRP
    server 10.20.20.87
    server 10.40.20.87
aaa authentication login ssh group RADGRP local
aaa authentication login default group RADGRP local
aaa authentication login https-server group RADGRP local
aaa accounting port-access start-stop interim 5 group RADGRP
aaa authentication port-access dot1x authenticator
    radius server-group RADGRP
    enable
aaa authentication port-access mac-auth
    radius server-group RADGRP
    enable
interface 1/1/7
    no shutdown
    vlan access 1
    aaa authentication port-access client-limit 2
    aaa authentication port-access dot1x authenticator
        eapol-timeout 10
        enable
        exit
interface 1/1/8
    no shutdown
    vlan access 1
    aaa authentication port-access client-limit 2
    aaa authentication port-access mac-auth
        reauth
        reauth-period 9999999
        enable
        exit
TIA -
Nilesh.
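
A migration gap check for the two configurations above, as an added example that is not part of the original post: it reports which legacy HP AAA features have a matching line in the AOS-CX draft. The `audit` helper and the feature pairings are assumptions for illustration, not verified AOS-CX equivalences; the config excerpts are copied from the post.

```python
import re

# Excerpts copied from the post: legacy HP lines, then the poster's AOS-CX draft.
LEGACY = """\
radius-server host 10.20.20.87 dyn-authorization
radius-server host 10.20.20.87 time-window 0
aaa accounting update periodic 5
aaa authentication ssh login radius server-group "RADGRP" local
aaa port-access authenticator 1 client-limit 2
aaa port-access 3 controlled-direction in
"""
DRAFT = """\
aaa authentication login ssh group RADGRP local
aaa accounting port-access start-stop interim 5 group RADGRP
aaa authentication port-access client-limit 2
"""

# feature -> (legacy regex, draft regex). Assumed pairings taken from the draft; where
# the draft has no candidate line, the legacy keyword is reused as the search term.
FEATURES = {
    "dynamic authorization": (r"\bdyn-authorization\b", r"\bdyn-authorization\b"),
    "time window": (r"\btime-window (\d+)", r"\btime-window (\d+)"),
    "interim accounting": (r"^aaa accounting update periodic (\d+)", r"^aaa accounting .*\binterim (\d+)"),
    "SSH login via RADIUS": (r"^aaa authentication ssh login radius\b", r"^aaa authentication login ssh group\b"),
    "client limit": (r"\bclient-limit (\d+)", r"\bclient-limit (\d+)"),
    "controlled direction": (r"\bcontrolled-direction (\w+)", r"\bcontrolled-direction (\w+)"),
}

def audit(legacy, draft):
    """Map each feature found in the legacy config to its status in the draft."""
    report = {}
    for name, (old_re, new_re) in FEATURES.items():
        old = re.search(old_re, legacy, re.M)
        if not old:
            continue  # feature not used on the old switch
        new = re.search(new_re, draft, re.M)
        if not new:
            report[name] = "not in draft"
        elif old.groups() != new.groups():
            report[name] = f"value differs: {old.groups()} -> {new.groups()}"
        else:
            report[name] = "carried over"
    return report

if __name__ == "__main__":
    for feature, status in audit(LEGACY, DRAFT).items():
        print(f"{feature:24} {status}")
```

A "not in draft" result only means no line with that keyword was found; the actual AOS-CX syntax for that feature still has to be confirmed in the command reference.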