Enable RADIUS auth for CLI and EDM

Anonymous
Not applicable

Hi,

Just in the process of configuring RADIUS on an 8404 using version 8.2.

First thing I notice is when I try and enter this command:

radius server host 172.9.99.120 key ****** source-ip 10.0.0.210

I get this error:

acli.pl: Redundant argument in sprintf

My assumption here is that this might be related to the new segmented management feature, so no longer need to define source-ip and enable sourceip-flag

I see in the configuration guide there is this command:

radius server host WORD used-by {cli|snmp|web} 
  • cli—configure the server for CLI authentication.
  • eapol—configure the server for EAPoL authentication.
  • snmp—configure the server for SNMP authentication.
  • web—configure the server for Web authentication

I don’t think this is what I am expecting it to be, but confused why I can only select one at a time. The default is cli.

If I try this:

radius server host 158.119.128.243 used-by web enable

I get this error:

Error: setting RadiusServHostTbl, radius server does not exist

Although I think ‘used-by web’ isn’t related to the EDM, maybe web based authentication?

I have RADIUS configured just with the configuration below at the moment, and works when logging in for CLI access:

radius server host 158.119.128.243 key ******
radius server host 158.119.60.11 key ******
radius enable
radius accounting enable
radius accounting include-cli-commands

Issue is, how do I configure this so that (if it’s possible) RADIUS auth is used for accessing the EDM?

What about those other options, how do I use those if I can only select one at a time?

I know I’ve completely misunderstood here the purpose of the commands, but just trying to add some context to understand in bigger picture.

Maybe some examples of their use will help?

Many thanks in advance.

1 ACCEPTED SOLUTION

Ludovico_Steven
Extreme Employee

Martin

If you see an error message with “acli.pl” in front of it, that is a message from my ACLI terminal, not the switch itself.

Yes, the & character gets interpreted as an iteration of values by my terminal.

You can put double-quotes around the sharedSecret and ACLI terminal will not then interpret “&” inside the quotes and the VSP seems able to correctly process a secretKey inside double-quotes also, I just tested it (but not single quotes!! VSP then uses the single quotes as part of the shared secret!!).

Else you just hit CTRL-T and come out of interactive mode (% prompt) then issue the command there.

Best regards

Ludovico Stevens
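
Why the single-quote caveat above matters, as an added example that is not part of the original post: RADIUS (RFC 2865, section 5.2) hides the User-Password with MD5 keyed by the shared secret, so a switch that stores the quote characters as part of the secret sends a password the server cannot recover. The secret, password, authenticator and function names below are constructed for illustration.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """User-Password hiding as the RADIUS client (the switch) does it, RFC 2865 5.2."""
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    hidden, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()         # keystream depends on the secret
        block = bytes(p ^ m for p, m in zip(padded[i:i + 16], mask))
        hidden += block
        prev = block                                       # chain on previous ciphertext
    return hidden

def recover_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse operation, as the RADIUS server does it with its own copy of the secret."""
    clear, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        mask = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ m for c, m in zip(block, mask))
        prev = block
    return clear.rstrip(b"\x00")

# Constructed sample values, not taken from the thread.
SERVER_SECRET = b"Example&Secret!1"
USER_PASSWORD = b"constructed-admin-password"     # longer than one 16-byte block
REQUEST_AUTH = bytes(range(16))                    # normally 16 random bytes

def server_accepts(secret_stored_on_switch: bytes) -> bool:
    """True if the server recovers the password the user typed."""
    hidden = hide_password(USER_PASSWORD, secret_stored_on_switch, REQUEST_AUTH)
    return recover_password(hidden, SERVER_SECRET, REQUEST_AUTH) == USER_PASSWORD

if __name__ == "__main__":
    for label, stored in [
        ("double-quoted (quotes stripped)", SERVER_SECRET),
        ("single-quoted (quotes kept)", b"'" + SERVER_SECRET + b"'"),
    ]:
        print(f"{label:34} -> {'accept' if server_accepts(stored) else 'reject'}")
```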

6 REPLIES

Anonymous
Not applicable

Hi Ludovico,

Need to change the answer to this post to your answer somehow!

Hadn’t even dawned on me it could be that, gotten used to using the ACLI as a straightforward terminal emulator - taken it for granted :).

Interestingly I had been using Tera-Term, and just switched to the ACLI to get better outputs when using the cfg command.

Great to know as will bear this in mind in the future.

Thanks for testing, really appreciated.

Cheers,

Martin

Anonymous
Not applicable

Same thing seems to be happening when configuring the radius reachability account, have a password that contains characters:

@=!@[/*+_:|&?

And this same error:

acli.pl: Redundant argument in sprintf

 

Anonymous
Not applicable

That worked!

Whether that is a bug or not I’m not sure, but one of these characters $ # ! & VOSS doesn’t like in the password?
