Can't telnet to a slot in a stack with radius enabled

davidj_cogliane
Contributor
We have a network that consists of stacks for X460s and X440s. This district has several admins, so in an effort to provide accountability we recently enabled radius login on all the stacks. Radius was and is working great except for today when investigating a slot failure we discovered we cannot telnet from the master to slot 5.
The command works but login fails. The stacks are configured to accept the admin account and password if both radius servers are down, but the radius servers are up so the admin account does not work.
The slots do not have ip addresses which we are speculating is the reason radius won't work.

In order to telnet to slot 5 I had to disable radius on the stack and then re-enable it when I was done checking out the slot.

Do we have any options?
6 REPLIES

Erik_Auerswald
Contributor II
Hi,

today I had a related, but slightly different problem with telnet from the standby slot to the master slot in a two switch stack of X670-G2s.

I could log in to the console port on the standby node (the master node is in a different location) using RADIUS authentication. But when I tried to connect to the master slot using telnet slot 2, the password was not accepted and an error message was logged:
Slot-2: Failed to send authentication to RADIUS servers, trying local.
Slot-2: Login failed for user ****** through slot-1
Login to the stack via SSH works with RADIUS authentication as well.

The stack uses EXOS 16.1.3.6-patch1-8.

Is this a known issue? Does anybody have an idea what to check or what might cause an issue like this?

Thanks,
Erik

davidj_cogliane
Contributor
Thanks Drew,

The stack where we encountered the issue is running 15.5.3.4 and we have another stack running 16.1 that does not seem to have the same issue, so we are going to test to see if the code version makes a difference. If that does not work I will most likely take your advice.

Drew_C
Valued Contributor III
Thanks for coming back with the solution! This sounds like information for us to add to GTAC Knowledge.

All,

We did a packet capture and found that sends a NAS-Port value of "Async(0)". Our radius server was configured to only accept NAS-Port "VPN", hence the radius failure.

As a side note we found that Async(0) is the same value that serial port uses, so that was likely being blocked as well.

Hope this helps someone down the road
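
The check described in the last post can be repeated on any captured Access-Request. The following is an added example, not code from the thread or from Extreme Networks: it decodes the RADIUS attributes (RFC 2865) and tests the NAS-Port-Type (attribute 61, where Async is value 0) against a server-side allow-list. The sample packets are constructed, and treating the server's "VPN" condition as NAS-Port-Type Virtual (5) is an assumption.

```python
import struct

# NAS-Port-Type (attribute 61) values from RFC 2865 (subset)
NAS_PORT_TYPES = {0: "Async", 1: "Sync", 5: "Virtual", 15: "Ethernet"}
ATTR_USER_NAME, ATTR_NAS_PORT_TYPE = 1, 61

def parse_access_request(packet: bytes) -> dict:
    """Return {attribute_type: raw_value} for a RADIUS Access-Request."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1:
        raise ValueError("not an Access-Request")
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the packet")
    attrs, pos = {}, 20  # attributes follow the 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        attrs[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    return attrs

def nas_port_type(packet: bytes):
    """Integer NAS-Port-Type, or None if the NAS did not send one."""
    raw = parse_access_request(packet).get(ATTR_NAS_PORT_TYPE)
    if raw is None:
        return None
    if len(raw) != 4:
        raise ValueError("NAS-Port-Type must be a 4-byte integer")
    return struct.unpack("!I", raw)[0]

def label(value: int) -> str:
    """Render the value the way a capture tool shows it, e.g. 'Async(0)'."""
    return f"{NAS_PORT_TYPES.get(value, 'Unknown')}({value})"

def policy_accepts(packet: bytes, allowed: set) -> bool:
    """Mimic a server policy that matches only the listed port types."""
    return nas_port_type(packet) in allowed

def build_sample(port_type: int) -> bytes:
    """Constructed Access-Request: User-Name 'admin' plus NAS-Port-Type."""
    attrs = bytes([ATTR_USER_NAME, 7]) + b"admin"
    attrs += bytes([ATTR_NAS_PORT_TYPE, 6]) + struct.pack("!I", port_type)
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + bytes(16) + attrs
```

Calling `policy_accepts(build_sample(0), {5})` returns `False`, which matches the rejected slot and serial logins; adding `0` to the allowed set makes the same request match.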