cancel
Showing results for 
Search instead for 
Did you mean: 

RESOLVED - RADIUS not working

RESOLVED - RADIUS not working

MichaelM1
New Contributor II

I have a set of C-Series switches that are no longer working with RADIUS for some reason.  This was working at one point, but is no longer now and I am not sure what changed. 

If I run a Wireshark at my RADIUS server I can see the request come in and get accepted:
87f79e8d07a0437b8d0eac0a4d20d3b5.png

On the SSH session I see an access denied message:

eb42adf89d4c400eabfec401b55c20af.png
When I review the console session I see the following:

f0b34a52c08b49efa01204156b6e3a4b.png

2 REPLIES 2

MichaelM1
New Contributor II

@Doug ​I did have the correct rule in place.  Thank you.

The problem ended up being that I also had a rule in my RADIUS server for EXOS switches (https://extremeportal.force.com/ExtrArticleDetail?an=000078945).  In the RADIUS server ...this works like an ACL.  I had to move the EXOS rule below the EOS rule and logins started working again.

4ad2d9e0745d4072be6a916799853dff.png

Doug
Extreme Employee
Is your RADIUS Filter-ID correct for the management of the switch?  https://extremeportal.force.com/ExtrArticleDetail?an=000080819 

The policy on the RADIUS server must be configured to send back a filter-ID with the accept packet. See below for syntax and options.
Filter ID:
Enterasys:version=1:mgmt=access-mgmtType
Options:
access-mgmtTypes supported are: ro (read-only), rw (read-write), and su (super-user).
Doug Hyde
Director, Technical Support / Extreme Networks
GTM-P2G8KFN