Setting up RADIUS for management access using IDE as RADIUS server

(OP)
Hello,

I am trying to set up a freshly upgraded Avaya network to use RADIUS auth for SSH/Web/console access for all of the switches and routers. They want to use their Identity Engines server as the RADIUS server. Avaya says this should work, but it's not for some reason. I configured the radius server and reachability settings on a test switch and created an authenticator entry in IDE for that switch as well. When I try to connect to the switch using my AD credentials I get a password failed, but I do not see any auth attempt on the IDE side. I did set up password fallback so I can still access the switch. Not sure what's missing.

These are the commands I used on the switch side (not actual passwords).

radius server host 10.10.243.128 timeout 5
radius server host key "sh@reds3cret"
radius server host 10.10.243.129 secondary
radius reachability mode use-radius username "pap" password "test123"
cli password telnet radius
radius-server password fallback


RE: Setting up RADIUS for management access using IDE as RADIUS server

(OP)
I was able to get this to work. Here is the switch side.

eapol enable
radius-server encapsulation ms-chap-v2
radius server host 10.10.10.128 acct-enable timeout 5
radius server host 10.10.10.129 secondary
radius server host 10.10.10.128 used-by eapol
radius server host 10.10.10.128 key Shared@Secret!
radius server host 10.10.10.129 secondary used-by eapol
radius-server password fallback
cli pass tel radius

On the IDE side you have to create a wired access policy and have it check the credentials against AD and, if they match the correct group etc., the policy needs to return an Outbound Value set to Outbound-Service-Type=6. This will give rwa access to the user. I have tested this with other wired access policies being implemented on the same switch so I am not sure how they would coexist. This customer wanted RADIUS access set up but demanded IDE be used as the RADIUS server.
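What the policy's return value looks like on the wire, as an added example that is not part of the original posts: a RADIUS Access-Accept (RFC 2865) carrying Service-Type 6 (Administrative), and the Response Authenticator check a RADIUS client makes with the shared key before trusting that attribute. The function names, packet ID and request authenticator are constructed for illustration; the key is the placeholder from the post above.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2      # RFC 2865 packet code
SERVICE_TYPE = 6       # RFC 2865 attribute number for Service-Type
ADMINISTRATIVE = 6     # RFC 2865 Service-Type value "Administrative"

def build_access_accept(ident, request_auth, secret, service_type):
    """Server side: Access-Accept with a single Service-Type attribute."""
    attrs = struct.pack("!BBI", SERVICE_TYPE, 6, service_type)  # type, len, value
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs

def parse_access_accept(packet, request_auth, secret):
    """Client side: verify the authenticator, then return Service-Type or None."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("malformed or unexpected packet")
    attrs = packet[20:length]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        # A key mismatch between switch and server ends here: reply is dropped.
        raise ValueError("bad Response Authenticator")
    pos = 0
    while pos + 2 <= len(attrs):
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        if atype == SERVICE_TYPE and alen == 6:
            return struct.unpack("!I", attrs[pos + 2:pos + 6])[0]
        pos += alen
    return None  # accepted, but no Service-Type returned by the policy

# Constructed sample values, not captured traffic.
SECRET = b"Shared@Secret!"        # placeholder key from the post
REQUEST_AUTH = bytes(range(16))   # stands in for the client's random authenticator
SAMPLE = build_access_accept(1, REQUEST_AUTH, SECRET, ADMINISTRATIVE)

if __name__ == "__main__":
    print(SAMPLE.hex())
    print("Service-Type:", parse_access_accept(SAMPLE, REQUEST_AUTH, SECRET))
```
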
