Can't telnet to a slot in a stack with radius enabled
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-05-2015 02:09 PM
We have a network that consists of stacks for X460s and X440s. This district has several admins, so in an affort to provide accountability we recently enable radius login on all the stacks. Radius was and is working great except for today when investigating a slot failure we discovered we cannot telnet from the master to slot 5.
The command works but login fails. The stacks are configured to accept the admin account and password if both radius servers are down, but the radius servers are up so the admin account does not work.
The slots do not have ip addresses which we are speculating is the reason radius won't work.
Inorder to telnet to slot 5 I had to disable radius on the stack and then re-enabled when I was done checking out the slot.
Do we have any options?
The command works but login fails. The stacks are configured to accept the admin account and password if both radius servers are down, but the radius servers are up so the admin account does not work.
The slots do not have ip addresses which we are speculating is the reason radius won't work.
Inorder to telnet to slot 5 I had to disable radius on the stack and then re-enabled when I was done checking out the slot.
Do we have any options?
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎11-08-2016 07:24 PM
Hi,
today I had a related, but slightly different problem with telnet from the standby slot to the master slot in a two switch stack of X670-G2s.
I could log in to the console port on the standby node (the master node is in a different location) using RADIUS authentication. But when I tried to connect to the master slot using telnet slot 2, the password was not accepted and an error message was logged:
The stack uses EXOS 16.1.3.6-patch1-8.
Is this a known issue? Does anybody have an idea what to check or what might cause an issue like this?
Thanks,
Erik
today I had a related, but slightly different problem with telnet from the standby slot to the master slot in a two switch stack of X670-G2s.
I could log in to the console port on the standby node (the master node is in a different location) using RADIUS authentication. But when I tried to connect to the master slot using telnet slot 2, the password was not accepted and an error message was logged:
Login to the stack via SSH works with RADIUS authentication as well.Slot-2: Failed to send authentication to RADIUS servers, trying local.
Slot-2: Login failed for user ****** through slot-1
The stack uses EXOS 16.1.3.6-patch1-8.
Is this a known issue? Does anybody have an idea what to check or what might cause an issue like this?
Thanks,
Erik
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-05-2015 04:29 PM
Thanks Drew,
The stack were we encountered the issue is running 15.5.3.4 and we have another stack running 16.1 that does not seem to have the same issue so we are going to test to see if the code version makes a difference. If that does not work I will most likely take your advice.
The stack were we encountered the issue is running 15.5.3.4 and we have another stack running 16.1 that does not seem to have the same issue so we are going to test to see if the code version makes a difference. If that does not work I will most likely take your advice.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-05-2015 04:29 PM
Thanks for coming back with the solution! This sounds like information for us to add to GTAC Knowledge.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎10-05-2015 04:29 PM
All,
We did a packet capture and found that sends a NAS-Port value of "Async(0)" Our radius server was configured to only accept NAS-Port "VPN" hence the radious falure.
As a side note we found that Async(0) is the same value that serial port uses, so that was likly being blocked as well.
Hope this helps someone down the road
We did a packet capture and found that
As a side note we found that Async(0) is the same value that serial port uses, so that was likly being blocked as well.
Hope this helps someone down the road