This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RESOLVED - RADIUS not working

RESOLVED - RADIUS not working

MichaelM1
New Contributor II

‎11-02-2021 08:41 AM

I have a set of C-Series switches that are no longer working with RADIUS for some reason.  This was working at one point, but is no longer now and I am not sure what changed. 

If I run a Wireshark at my RADIUS server I can see the request come in and get accepted:
87f79e8d07a0437b8d0eac0a4d20d3b5.png

On the SSH session I see an access denied message:

eb42adf89d4c400eabfec401b55c20af.png
When I review the console session I see the following:

f0b34a52c08b49efa01204156b6e3a4b.png

0 Kudos
2 REPLIES 2

MichaelM1
New Contributor II

‎11-05-2021 04:36 PM

@Doug ​I did have the correct rule in place.  Thank you.

The problem ended up being that I also had a rule in my RADIUS server for EXOS switches (https://extremeportal.force.com/ExtrArticleDetail?an=000078945).  In the RADIUS server ...this works like an ACL.  I had to move the EXOS rule below the EOS rule and logins started working again.

4ad2d9e0745d4072be6a916799853dff.png

0 Kudos

Doug
Extreme Employee

‎11-04-2021 09:06 AM

Is your RADIUS Filter-ID correct for the management of the switch?  https://extremeportal.force.com/ExtrArticleDetail?an=000080819 

The policy on the RADIUS server must be configured to send back a filter-ID with the accept packet. See below for syntax and options.
Filter ID:
Enterasys:version=1:mgmt=access-mgmtType
Options:
access-mgmtTypes supported are: ro (read-only), rw (read-write), and su (super-user).
Doug Hyde
Director, Technical Support / Extreme Networks
0 Kudos
GTM-P2G8KFN