Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Setting up RADIUS for management access using IDE as RADIUS server

Status
Not open for further replies.
atascoman

atascoman

Technical User
Joined
Oct 10, 2003
Messages
868
Location
US
Hello,

I am trying to setup a freshly upgraded Avaya network to use RADIUS auth for SSH/Web/console access for all of the switches and routers. They want to use their Identity engines server as the RADIUS server. Avaya says this should work, but it's not for some reason. I configured the radius server and reachability settings on a test switch and created an authenticator entry in IDE for that switch as well. When I try to connect to the switch using my AD credentials I get a password failed, but I do not see any auth attempt on the IDE side. I did setup password fallback so I can still access the switch. Not sure what's missing.

These are the commands I used on the switch side. (not actual passwords )

radius server host 10.10.243.128 timeout 5
radius server host key "sh@reds3cret"
radius server host 10.10.243.129 secondary
radius reachability mode use-radius username "pap" password "test123"
cli password telnet radius
radius-server password failback


 
Sort by date Sort by votes
I was able to get this to work. Here is the switch side.

eapol enable
radius-server encapsulation ms-chap-v2
radius server host 10.10.10.128 acct-enable timeout 5
radius server host 10.10.10.129 secondary
radius server host 10.10.10.128 used-by eapol
radius server host 10.10.10.128 key Shared@Secret!
radius server host 10.10.10.129 secondary used-by eapol
radius-server password fallback
cli pass tel radius

On the IDE side you have to create a wired access policy and have it check the credentials against AD and if they match the correct group etc the policy needs to return a Outbound Value set to Outbound-Service-Type=6. This will give rwa access to the user. I have tested this with other wired access policies being implemented on the same switch so I am not sure how they would coexist. This customer wanted RADIUS access setup but demanded IDE be used as the RADIUS server.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

tdhaslett
  • Locked
  • Question Question
Make outbound call using another extension
Replies
2
Views
2K
tdhaslett
tdhaslett
Marcin Stasiek
  • Locked
  • Question Question
Looking for latest firmware for AVAYA ERS4550T-PWR
Replies
0
Views
772
Marcin Stasiek
Marcin Stasiek
gcam10
  • Locked
  • Question Question
Looking for a Non DS DR5 Card in Canada
Replies
5
Views
1K
Masson
Masson
Peter021
  • Locked
  • Question Question
Avaya IPO Server Edition
Replies
7
Views
1K
Westi
Westi
K
  • Locked
  • Question Question
FreePBX Asterisk SIP trunk with IPO 500 outbound calling
Replies
1
Views
382
Firebird Scrambler
Firebird Scrambler

Part and Inventory Search

Sponsor

Back
Top