ExtremeCloud A3

 View Only

 How to configure radius authentication for EXOS switch management

MLD's profile image
MLD posted 01-05-2022 15:40
Hello,

I'm trying to configure A3 as our radius-mgmt server for switch authentication. I found an older article that mentions only Cicso Management Authentications are supported? The EXOS switch is a 440G2 running 31.3.1.3-patch1-10, with radius mgmt-access enabled and correct shared-secret. I enabled 'CLI Access' under the device settings as well. The RADIUS log show 'Auth Rejected' and I'm not sure what step/filter I might be missing.

Any guidance or step-by-step guides you can provide would be great.

Thanks,
Matt
OscarK's profile image
OscarK
Hi, this should be possible nowadays with A3.
In System Configuration/Admin Access add a new admin role, give it Switches Cli Read or Write.
In your authentication source add an admin access rule and set the access-level to the admin access role you defined.
MLD's profile image
MLD
Forgot to mention that step as well, I created a new admin profile "Switch CLI" with both read and write switch cli access. That profile was added under my authentication source / administration rules / switch cli...

My auth source uses AD with ldap condition to match my account to the administration rule. I also added 'Connection Type' equals CLI-Access as a filter under my connection profile. The connection profile is set to Filters 'any'
OscarK's profile image
OscarK
I just got it working using local user accounts on A3.
See below article.
https://extremeportal.force.com/ExtrArticleDetail?an=000060486
MLD's profile image
MLD
Thanks for the article. Is it possible to query an internal AD source for the user instead of creating the admin accounts locally?
OscarK's profile image
OscarK
One important thing, you need to configure port 1815 for mgmt-access instead of 1812. However in my tests it did not make a difference and I could only authenticate through local A3 users, however I am checking why ldap does not work.