Extreme Networks

Rien_van_Maurik · ‎05-14-2025

Hello

Im working on a setup to configure ExtemeControl as radiusserver for CLI managment login in VOSS switches

The Set up EXOs switches is working , To configure this i use document: https://extreme-networks.my.site.com/ExtrArticleDetail?an=000081977&q=How-to-configure-NAC-to-handle....

Now I want to to the same for VOSS switches but I can't find any configuration example for this

Is there any example availible?

Kind Regards

Rien

Rien_van_Maurik · ‎05-23-2025

Hello EF

I did test the configuration you descript but to bad, the radius configuration between the VOSS switch and the EtremeControl EAC doesn't work; I'm Unable to login via SSH to manage teh Switches when the Radius is configured to the EAC.
when the radius configuration is to a NPS it works.

the firmware versions are:
Extreme XIQ-SE: Version 25.2.12.13, ExtremControl EAC: Version 25.2.12.13, VOSS version 9.1.1.0

I configure the ExtreControl and VOSS radius as below:

XIQ-SE/Control/Access Control/Engines/Engine Group “xxxx”/ Switches

The Radius Attributes to Send are:

XIQ-SE/Control/Access Control/configuration/ xxx/ Rules

Profile:

Accept Policy:

VOSS Switch radius Config:

#

# RADIUS CONFIGURATION

#

radius server host 10.1.5.232 key ******

radius server host 10.1.5.233 key ******

radius enable

radius reachability keep-alive-timer 0 unreachable-timer 30

radius reachability mode status-server

Based on this configuration I test the SSH cli login via a second putty session, the login failed there is no info logged in XIQ-Sem the log in the Switch is show below

KBD1-3_5-LAN-01:1(config)#sh log file tail

************************************************************************************

Command Execution Time: Fri May 23 15:06:17 2025 CEST

************************************************************************************

1 2025-05-23T15:06:07.225+02:00 KBD1-3_5-LAN-01 CP1 - 0x00004733 - 00000000 GlobalRouter SNMP ERROR Trap failed to find the MIB view for host 10.1.5.240:162

1 2025-05-23T15:06:07.225+02:00 KBD1-3_5-LAN-01 CP1 - 0x000d8580 - 00000000 GlobalRouter SSH INFO Unauthorized attempt to login from host 10.1.19.11

1 2025-05-23T15:06:07.224+02:00 KBD1-3_5-LAN-01 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH invalid username/password for user rma017 on host 10.1.19.11, session_id = 2

1 2025-05-23T15:06:07.224+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45fd - 00000000 GlobalRouter RADIUS INFO All RADIUS servers are unreachable.

1 2025-05-23T15:06:07.224+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45fc - 00000000 GlobalRouter RADIUS INFO Radius message: No reply from RADIUS server 10.1.5.233.

1 2025-05-23T15:06:07.224+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45bf - 00000000 GlobalRouter RADIUS INFO RADIUS connection to server 10.1.5.233 failed

1 2025-05-23T15:06:07.224+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45eb - 00000000 GlobalRouter RADIUS INFO No reply from RADIUS server 10.1.5.233

1 2025-05-23T15:05:51.201+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45fc - 00000000 GlobalRouter RADIUS INFO Radius message: No reply from RADIUS server 10.1.5.232.

1 2025-05-23T15:05:51.201+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45bf - 00000000 GlobalRouter RADIUS INFO RADIUS connection to server 10.1.5.232 failed

1 2025-05-23T15:05:51.201+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45eb - 00000000 GlobalRouter RADIUS INFO No reply from RADIUS server 10.1.5.232

I see that the switch is Unable to communicate with the EAC, maybe is that the problem I’m try to solve this by configuring the "radius reachability" but no fix

============================================

To test the radius communication and username password I changed the configuration to a NPS server and that works fine

VOSS config:

#

# RADIUS CONFIGURATION

#

radius server host 10.1.17.25 key ******

radius server host 10.1.17.26 key ******

radius enable

radius reachability keep-alive-timer 0 unreachable-timer 30

radius reachability mode status-server

Voss Switch log:

KBD1-3_5-LAN-01:1(config)#sh log file tail

************************************************************************************

Command Execution Time: Fri May 23 15:19:29 2025 CEST

************************************************************************************

1 2025-05-23T15:19:20.470+02:00 KBD1-3_5-LAN-01 CP1 - 0x00004733 - 00000000 GlobalRouter SNMP ERROR Trap failed to find the MIB view for host 10.1.5.240:162

1 2025-05-23T15:19:19.469+02:00 KBD1-3_5-LAN-01 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH CLI session start: user rma017 on host 10.1.19.11, session_id = 3

1 2025-05-23T15:19:19.464+02:00 KBD1-3_5-LAN-01 CP1 - 0x00004733 - 00000000 GlobalRouter SNMP ERROR Trap failed to find the MIB view for host 10.1.5.240:162

1 2025-05-23T15:19:19.464+02:00 KBD1-3_5-LAN-01 CP1 - 0x00004620 - 00000000 GlobalRouter SNMP INFO SSH new session login

1 2025-05-23T15:19:19.458+02:00 KBD1-3_5-LAN-01 CP1 - 0x000d8602 - 00000000 GlobalRouter SSH INFO SSH user authentication succeeded for user rma017 on host 10.1.19.11, session_id = 3

1 2025-05-23T15:19:19.458+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45ec - 00000000 GlobalRouter RADIUS INFO RADIUS authentication successful

1 2025-05-23T15:19:19.458+02:00 KBD1-3_5-LAN-01 CP1 - 0x000a45fc - 00000000 GlobalRouter RADIUS INFO Radius message:

1 2025-05-23T15:19:03.896+02:00 KBD1-3_5-LAN-01 CP1 - 0x00004733 - 00000000 GlobalRouter SNMP ERROR Trap failed to find the MIB view for host 10.1.5.240:162

I did something wrong, cab you help me with finding what?

thanks in advance

Rien

Rien_van_Maurik · ‎05-15-2025

Hello EF

Thank you for testing

kind regards

Rien

Extreme Networks

how to configure Extremecontrol for switch management access on voss

how to configure Extremecontrol for switch management access on voss