  • 1.  HP2626 & freeradius

    Posted May 21, 2007 09:56 AM
    Hi,

    I want to manage the login to my ProCurve Switch 2626 with freeradius. Now I manage the login of my Cisco switches.

    I'm a newbie with HP switches; I've configured only this on the switch:


    CODE
    aaa authentication telnet login radius local
    radius-server host 10.0.0.230 key SWMADCOREKEY

    and it works: I can log in with users from my freeradius server, but when I log in I don't get the exec prompt (#); I have to execute enable and enter the login and password of the local switch.

    On my freeradius server I had to add the following line to log in to my Cisco switches:


    CODE
    cisco-avpair = "shell:priv-lvl=15"

    Should I add something to the freeradius configuration to work with HP switches?

    Can anybody give me an example configuration for an HP switch and freeradius?

    Where can I get more information about this subject?

    Thanks in advance.

    JI


  • 2.  RE: HP2626 & freeradius

    Posted May 21, 2007 12:17 PM
    You need to enable 'aaa authentication login privilege-mode' - check the Access Security Guide for more information on this feature.


  • 3.  RE: HP2626 & freeradius

    Posted May 21, 2007 12:22 PM
    I believe you also have to enter the following command:
    aaa authentication telnet enable radius local


  • 4.  RE: HP2626 & freeradius

    Posted May 21, 2007 01:19 PM
    Jose, take a look at page 12 in the following link.
    ftp://ftp.hp.com/pub/networking/software/6400-5300-4200-3400-Security-Oct2006-59906052-Chap06.pdf

    Matt is correct; however, the section dealing with this command seems to have been omitted from the Access Security Guide in the 2600 series manuals. The link above is from the 3400 series.


  • 5.  RE: HP2626 & freeradius

    Posted May 22, 2007 06:15 AM
    Hi all,

    I tested the two commands:

    aaa authentication telnet enable radius local
    aaa authentication login privilege-mode

    And I can't log in to "enable mode". I run telnet, enter the user and password, and I log in to the switch in "login mode";
    then I execute the enable command and enter the same user and password; the switch accepts the login but I don't go to "enable mode".
    The switch accepts all user/password pairs of the radius server but I can get in "enable mode".

    Next, I erased the last command 'aaa authentication login privilege-mode' and now I can get into "enable mode",
    but I need to execute the "enable" command and enter the user and password again.

    Thanks for the help, I can work for a long time with the last configuration.

    BR // JI
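
Added example, not part of any post in the thread: a FreeRADIUS `users` file sketch for the setup discussed above. With `aaa authentication login privilege-mode` enabled, ProCurve switches take the access level from the standard RADIUS Service-Type attribute (Administrative-User for manager, NAS-Prompt-User for operator) rather than from `cisco-avpair`. The file path, account names and passwords are constructed placeholders, and `Cleartext-Password` assumes FreeRADIUS 2.x or later.

```text
# /etc/raddb/users   (path is an assumption; accounts below are constructed)
#
# Switch side, using the commands quoted in the thread:
#   radius-server host 10.0.0.230 key <shared-secret>
#   aaa authentication telnet login radius local
#   aaa authentication telnet enable radius local
#   aaa authentication login privilege-mode

# Manager-level account.
# Service-Type = Administrative-User (value 6) is what the ProCurve switch
# reads when privilege-mode is on; the Cisco-AVPair line is only there so the
# same account keeps working on the Cisco switches.
netadmin   Cleartext-Password := "REPLACE-WITH-ADMIN-PASSWORD"
           Service-Type = Administrative-User,
           Cisco-AVPair = "shell:priv-lvl=15"

# Operator-level account.
# Service-Type = NAS-Prompt-User (value 7) maps to the operator prompt (>),
# so this user gets read-only access and no direct manager prompt (#).
netoper    Cleartext-Password := "REPLACE-WITH-OPERATOR-PASSWORD"
           Service-Type = NAS-Prompt-User
```

Only the accounts that need configuration access should carry Administrative-User; keeping the `local` fallback in the switch commands preserves a way in when the RADIUS server is unreachable.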