ExtremeSwitching (EOS)

 View Only

 RESOLVED - RADIUS not working

Michael M.'s profile image
Michael M. posted 11-02-2021 09:37

I have a set of C-Series switches that are no longer working with RADIUS for some reason.  This was working at one point, but is no longer now and I am not sure what changed. 

If I run a Wireshark at my RADIUS server I can see the request come in and get accepted:

On the SSH session I see an access denied message:


When I review the console session I see the following:



Doug's profile image
Doug posted 11-04-2021 09:07
Is your RADIUS Filter-ID correct for the management of the switch?  https://extremeportal.force.com/ExtrArticleDetail?an=000080819 

The policy on the RADIUS server must be configured to send back a filter-ID with the accept packet. See below for syntax and options.
Filter ID:
Enterasys:version=1:mgmt=access-mgmtType
Options:
access-mgmtTypes supported are: ro (read-only), rw (read-write), and su (super-user).
Michael M.'s profile image
Michael M. posted 11-05-2021 16:43

@Doug ​I did have the correct rule in place.  Thank you.

The problem ended up being that I also had a rule in my RADIUS server for EXOS switches (https://extremeportal.force.com/ExtrArticleDetail?an=000078945).  In the RADIUS server ...this works like an ACL.  I had to move the EXOS rule below the EOS rule and logins started working again.