AAA not working after stacking x450e

  • Question
  • Updated 2 years ago
  • Answered
I used easy stack to build a two-switch stack with a pair of x450e switches. The stack came up perfectly, I copied in my original config, and with a few small tweaks everything is working with the exception of AAA. Anyone run into this issue after stacking?

I can only log in using the failsafe user/pw. Also, I enabled web http and I cannot log in using the failsafe. I looked at the auditing for AAA and don't see it hitting the RADIUS server.

Config.

#
# Module devmgr configuration.
#
configure snmp sysName "Extreme-Core"
configure snmp sysLocation ""
configure snmp sysContact "\"
configure slot 1 module X450e-48p
configure sys-recovery-level slot 1 reset
configure slot 2 module X450e-48p
configure sys-recovery-level slot 2 reset

#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1:1-50, 2:1-50
configure vr VR-Default add ports 1:1-50, 2:1-50
configure vlan default delete ports 1:1-50, 2:1-48
create vlan "BlackHole"
configure vlan BlackHole tag 666
create vlan "Data"
configure vlan Data tag 3
create vlan "iSCSI"
configure vlan iSCSI tag 6
create vlan "Mgmt99"
configure vlan Mgmt99 tag 99
create vlan "Servers"
configure vlan Servers tag 10
create vlan "Voice"
configure vlan Voice tag 2
configure vlan BlackHole add ports 1:49-50 untagged
configure vlan Data add ports 1:44-48 tagged
configure vlan Data add ports 1:3-4 untagged
configure vlan Default add ports 2:49-50 untagged
configure vlan Mgmt99 add ports 1:44-48 tagged
configure vlan Mgmt99 add ports 1:1-2, 1:26, 1:39-43 untagged
configure vlan Servers add ports 1:5-25, 1:27-38, 2:1-32 untagged
configure vlan Voice add ports 1:44-48 tagged
configure vlan Data ipaddress 10.10.0.2 255.255.255.0
enable ipforwarding vlan Data
configure vlan Mgmt99 ipaddress 10.10.99.2 255.255.255.0
enable ipforwarding vlan Mgmt99
configure vlan Servers ipaddress 10.20.1.200 255.255.255.0
enable ipforwarding vlan Servers
configure vlan Voice ipaddress 10.100.0.2 255.255.255.0
enable ipforwarding vlan Voice

#
# Module fdb configuration.
#

#
# Module rtmgr configuration.
#
configure iproute add default 10.10.99.1

#
# Module mcmgr configuration.
#

#
# Module aaa configuration.
#
configure radius mgmt-access primary server 10.20.1.48 1645 client-ip 10.10.99.2 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "xxx"
configure radius mgmt-access secondary server 10.20.1.58 1645 client-ip 10.10.99.2 vr VR-Default
configure radius mgmt-access secondary shared-secret encrypted "xxx"
configure radius-accounting mgmt-access primary server 10.20.1.48 1646 client-ip 10.10.99.2 vr VR-Default
configure radius-accounting mgmt-access primary shared-secret encrypted "xxx"
configure radius-accounting mgmt-access secondary server 10.20.1.58 1646 client-ip 10.10.99.2 vr VR-Default
configure radius-accounting mgmt-access secondary shared-secret encrypted "xxx"
enable radius mgmt-access
enable radius-accounting mgmt-access

#
# Module acl configuration.
#



configure access-list zone SYSTEM application NetLogin application-priority 3
configure access-list zone SYSTEM application HealthCheckLAG application-priority 4
configure access-list zone SYSTEM application IdentityManager application-priority 5
configure access-list zone SYSTEM application VMTracking application-priority 6
configure access-list zone SYSTEM application FIPSnooping application-priority 7
configure access-list zone SYSTEM application ESVT application-priority 8
configure access-list zone SYSTEM application Snmp application-priority 9
configure access-list zone SYSTEM application Telnet application-priority 10
configure access-list zone SYSTEM application Http application-priority 11
configure access-list zone SYSTEM application Ssh2 application-priority 12
configure access-list zone SYSTEM application PolicyManager application-priority 13
configure access-list zone SYSTEM application OpenFlow application-priority 14

#
# Module bfd configuration.
#

#
# Module cfgmgr configuration.
#

#
# Module dosprotect configuration.
#

#
# Module dot1ag configuration.
#

#
# Module eaps configuration.
#

#
# Module edp configuration.
#

#
# Module elrp configuration.
#
enable elrp-client
configure elrp-client periodic Data ports all interval 1 log-and-trap disable-port duration 15
configure elrp-client periodic Voice ports all interval 1 log-and-trap disable-port duration 15
configure elrp-client disable-port exclude 1:44
configure elrp-client disable-port exclude 1:45
configure elrp-client disable-port exclude 1:46
configure elrp-client disable-port exclude 1:47
configure elrp-client disable-port exclude 1:48

#
# Module ems configuration.
#

#
# Module epm configuration.
#

#
# Module erps configuration.
#

#
# Module esrp configuration.
#

#
# Module ethoam configuration.
#

#
# Module etmon configuration.
#

#
# Module exsshd configuration.
#
enable ssh2

#
# Module hal configuration.
#

#
# Module idMgr configuration.
#

#
# Module ipSecurity configuration.
#

#
# Module ipfix configuration.
#

#
# Module lldp configuration.
#
enable lldp ports 1:1
enable lldp ports 1:2
enable lldp ports 1:3
enable lldp ports 1:4
enable lldp ports 1:5
enable lldp ports 1:6
enable lldp ports 1:7
enable lldp ports 1:8
enable lldp ports 1:9
enable lldp ports 1:10
enable lldp ports 1:11
enable lldp ports 1:12
enable lldp ports 1:13
enable lldp ports 1:14
enable lldp ports 1:15
enable lldp ports 1:16
enable lldp ports 1:17
enable lldp ports 1:18
enable lldp ports 1:19
enable lldp ports 1:20
enable lldp ports 1:21
enable lldp ports 1:22
enable lldp ports 1:23
enable lldp ports 1:24
enable lldp ports 1:25
enable lldp ports 1:26
enable lldp ports 1:27
enable lldp ports 1:28
enable lldp ports 1:29
enable lldp ports 1:30
enable lldp ports 1:31
enable lldp ports 1:32
enable lldp ports 1:33
enable lldp ports 1:34
enable lldp ports 1:35
enable lldp ports 1:36
enable lldp ports 1:37
enable lldp ports 1:38
enable lldp ports 1:39
enable lldp ports 1:40
enable lldp ports 1:41
enable lldp ports 1:42
enable lldp ports 1:43
enable lldp ports 1:44
enable lldp ports 1:45
enable lldp ports 1:46
enable lldp ports 1:47
enable lldp ports 1:48
enable lldp ports 1:49
enable lldp ports 1:50
enable lldp ports 2:1
enable lldp ports 2:2
enable lldp ports 2:3
enable lldp ports 2:4
enable lldp ports 2:5
enable lldp ports 2:6
enable lldp ports 2:7
enable lldp ports 2:8
enable lldp ports 2:9
enable lldp ports 2:10
enable lldp ports 2:11
enable lldp ports 2:12
enable lldp ports 2:13
enable lldp ports 2:14
enable lldp ports 2:15
enable lldp ports 2:16
enable lldp ports 2:17
enable lldp ports 2:18
enable lldp ports 2:19
enable lldp ports 2:20
enable lldp ports 2:21
enable lldp ports 2:22
enable lldp ports 2:23
enable lldp ports 2:24
enable lldp ports 2:25
enable lldp ports 2:26
enable lldp ports 2:27
enable lldp ports 2:28
enable lldp ports 2:29
enable lldp ports 2:30
enable lldp ports 2:31
enable lldp ports 2:32
enable lldp ports 2:33
enable lldp ports 2:34
enable lldp ports 2:35
enable lldp ports 2:36
enable lldp ports 2:37
enable lldp ports 2:38
enable lldp ports 2:39
enable lldp ports 2:40
enable lldp ports 2:41
enable lldp ports 2:42
enable lldp ports 2:43
enable lldp ports 2:44
enable lldp ports 2:45
enable lldp ports 2:46
enable lldp ports 2:47
enable lldp ports 2:48
enable lldp ports 2:49
enable lldp ports 2:50

#
# Module mrp configuration.
#

#
# Module msdp configuration.
#

#
# Module netLogin configuration.
#

#
# Module netTools configuration.
#
configure sntp-client primary 10.20.1.48 vr VR-Default
enable sntp-client

#
# Module poe configuration.
#

#
# Module rip configuration.
#

#
# Module ripng configuration.
#

#
# Module snmpMaster configuration.
#
configure snmpv3 add community NOV_IT name NOV_IT user v1v2c_ro
disable snmpv3 default-group
disable snmpv3 default-user
disable snmp traps

#
# Module stp configuration.
#
configure mstp region 000496348f84
configure stpd s0 delete vlan default ports all
disable stpd s0 auto-bind vlan default
enable stpd s0 auto-bind vlan Default

#
# Module telnetd configuration.
#

#
# Module tftpd configuration.
#

#
# Module thttpd configuration.
#
enable web http

#
# Module vmt configuration.
#

#
# Module vsm configuration.

Andrew Schulz


Posted 2 years ago


Andrew Schulz

Okay, so it's hitting the RADIUS server, but the logs aren't really telling me much. It appears it's not seeing the friendly name of the client. I deleted it and re-added it; that didn't help. Not sure why it's different now that it's in a stack.

Drew C., Community Manager

Have you been able to get this working, Andrew?

Andrew Schulz

Sorry about the long delay. So, I got it working again. Not sure what happened entirely, but I noticed that I was not able to log in via web http using the local account. I then tried to update the password on that account and it would fail with something about the stack could not update. So, I deleted the account entirely and recreated it. I was then able to log in to the web interface and set RADIUS, and it started working again. Not sure what was different between my CLI setup and the web setup, but something was different and solved it.
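
A check that can be run against a config like the one in the question, as an added example that is not part of the original posts: a RADIUS server identifies its client by the source address of the request, so this script confirms that each `client-ip` is owned by a VLAN interface on the switch and reports which VLAN the server sits in. The function name and the sample (a constructed excerpt of the posted config) are assumptions.

```python
import ipaddress
import re

# Constructed sample: the VLAN address and RADIUS lines from the config in the question.
SAMPLE_CONFIG = """\
configure vlan Data ipaddress 10.10.0.2 255.255.255.0
configure vlan Mgmt99 ipaddress 10.10.99.2 255.255.255.0
configure vlan Servers ipaddress 10.20.1.200 255.255.255.0
configure vlan Voice ipaddress 10.100.0.2 255.255.255.0
configure radius mgmt-access primary server 10.20.1.48 1645 client-ip 10.10.99.2 vr VR-Default
configure radius mgmt-access secondary server 10.20.1.58 1645 client-ip 10.10.99.2 vr VR-Default
"""

VLAN_RE = re.compile(r"^configure vlan (\S+) ipaddress (\S+) (\S+)\s*$")
RADIUS_RE = re.compile(
    r"^configure radius mgmt-access (primary|secondary) server (\S+) (\d+) "
    r"client-ip (\S+) vr (\S+)\s*$")

def audit_radius_sources(config_text):
    """Hypothetical helper: return one finding per RADIUS mgmt-access server line."""
    interfaces = {}  # VLAN name -> interface address with its netmask
    servers = []
    for line in config_text.splitlines():
        line = line.strip()
        if m := VLAN_RE.match(line):
            interfaces[m.group(1)] = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}")
        elif m := RADIUS_RE.match(line):
            servers.append(m.groups())
    findings = []
    for role, server, port, client_ip, _vr in servers:
        src = ipaddress.ip_address(client_ip)
        dst = ipaddress.ip_address(server)
        owner = next((n for n, i in interfaces.items() if i.ip == src), None)
        egress = next((n for n, i in interfaces.items() if dst in i.network), None)
        findings.append({
            "role": role, "server": server, "port": int(port), "client_ip": client_ip,
            "client_ip_vlan": owner,  # None: no VLAN interface on the switch owns this address
            "server_vlan": egress,    # None: server is reached via a route, not directly connected
            "crosses_vlans": owner is not None and egress is not None and owner != egress,
        })
    return findings

if __name__ == "__main__":
    for finding in audit_radius_sources(SAMPLE_CONFIG):
        print(finding)
```

For the posted config, both servers are directly connected on Servers while the requests are sourced from the Mgmt99 address, so the client entry on the RADIUS server has to be defined for 10.10.99.2 rather than for the switch's Servers address.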