
Enable RADIUS auth for CLI and EDM

Anonymous
Not applicable

Hi,

Just in the process of configuring RADIUS on an 8404 using version 8.2.

First thing I notice is when I try and enter this command:

radius server host 172.9.99.120 key ****** source-ip 10.0.0.210

I get this error:

acli.pl: Redundant argument in sprintf

My assumption here is that this might be related to the new segmented management feature, so no longer need to define source-ip and enable sourceip-flag

I see in the configuration guide there is this command:

radius server host WORD used-by {cli|snmp|web} 
  • cli—configure the server for CLI authentication.
  • eapol—configure the server for EAPoL authentication.
  • snmp—configure the server for SNMP authentication.
  • web—configure the server for Web authentication

I don’t think this is what I am expecting it to be, but I'm confused why I can only select one at a time. The default is cli.

If I try this:

radius server host 158.119.128.243 used-by web enable

I get this error:

Error: setting RadiusServHostTbl, radius server does not exist

Although I think ‘used-by web’ isn’t related to the EDM, maybe web based authentication?

I have RADIUS configured just with the configuration below at the moment, and works when logging in for CLI access:

radius server host 158.119.128.243 key ******
radius server host 158.119.60.11 key ******
radius enable
radius accounting enable
radius accounting include-cli-commands

Issue is, how do I configure this so that (if it's possible) RADIUS auth is used for accessing the EDM?

What about those other options, how do I use those if I can only select one at a time?

I know I’ve completely misunderstood the purpose of the commands here, but I'm just trying to add some context to understand the bigger picture.

Maybe some examples of their use will help?

Many thanks in advance.

1 ACCEPTED SOLUTION

Ludovico_Steven
Extreme Employee

Martin

If you see an error message with “acli.pl” in front of it, that is a message from my ACLI terminal, not the switch itself.

Yes, the & character gets interpreted as an iteration of values by my terminal.

You can put double-quotes around the sharedSecret and ACLI terminal will not then interpret “&” inside the quotes and the VSP seems able to correctly process a secretKey inside double-quotes also, I just tested it (but not single quotes!! VSP then uses the single quotes as part of the shared secret!!).

Else you just hit CTRL-T and come out of interactive mode (% prompt) then issue the command there.

Best regards

Ludovico Stevens


6 REPLIES

Anonymous
Not applicable

Hi Mig,

Thanks for posting back.

I currently have this in place:

radius server host 10.119.128.243 key ****** 
radius server host 10.119.60.11 key ******
radius enable
radius accounting enable
radius accounting include-cli-commands

Which works for cli login, but when I try and add either:

radius server host 10.119.128.243 used-by web enable

or

radius server host 10.119.128.243 key ********* used-by web

I get this error:

acli.pl: Redundant argument in sprintf

if I try it this way around:

radius server host 10.119.128.243 used-by web key **********

I get this error:

Error: setting RadiusServHostTbl, radius server does not exist

Looking at the ‘redundant argument in sprintf’ error I noticed that it didn't seem to get any arguments after the password, like ‘used-by web’, see below:

[screenshot]

Yet if I used a different password it does!

[screenshot]

I think the issue might be because I’m using characters in my password like $ # ! &, and something in that it doesn’t like.

I’ll have a play and post back

Cheers,

Martin

 

 

Miguel-Angel_RO
Valued Contributor II

Hi Martin,

 

Here is a working config in prod (obfuscated):

radius server host A.B.C.D key ******
radius server host A.B.C.E key ******
radius server host A.B.C.D key ******  used-by web
radius server host A.B.C.E key ******  used-by web
radius enable
radius reachability username USER password PASSWORD

 

Mig
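
Why the quoting detail in the accepted solution matters, as an added example (not code from the thread or from the vendor): a RADIUS client verifies each reply with an MD5 over the packet and the shared secret (RFC 2865), so a secret stored with literal single quotes no longer matches the server's and every reply is rejected. The secret value is constructed, and `stored_secret` is a hypothetical model of the quoting behaviour reported above.

```python
import hashlib
import hmac
import os
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code for Access-Accept (RFC 2865)


def response_authenticator(code, ident, request_auth, attributes, secret):
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    return hashlib.md5(header + request_auth + attributes + secret).digest()


def build_accept(ident, request_auth, secret):
    """Server side: an attribute-less Access-Accept signed with its secret."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, request_auth, b"", secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20) + auth


def client_accepts(packet, request_auth, secret):
    """Switch side: recompute the authenticator with the stored secret."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    received, attributes = packet[4:20], packet[20:length]
    expected = response_authenticator(code, ident, request_auth, attributes, secret)
    return hmac.compare_digest(received, expected)


def stored_secret(typed):
    """Hypothetical model of the behaviour reported in the thread:
    surrounding double quotes are stripped, single quotes are kept."""
    if len(typed) >= 2 and typed[0] == typed[-1] == '"':
        typed = typed[1:-1]
    return typed.encode()


def demo():
    server_secret = b"Ex&mple$Key#1!"   # constructed sample value
    request_auth = os.urandom(16)        # Request Authenticator of the Access-Request
    reply = build_accept(7, request_auth, server_secret)
    typed_forms = {"double": '"Ex&mple$Key#1!"', "single": "'Ex&mple$Key#1!'"}
    return {name: client_accepts(reply, request_auth, stored_secret(key))
            for name, key in typed_forms.items()}


if __name__ == "__main__":
    print(demo())
```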

 
