This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (General)
- Re: ISW Radius over Http/https
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
ISW Radius over Http/https
ISW Radius over Http/https
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-18-2018 06:49 PM
Community,
I configured the switch for Radius over ssh and telnet. However, when I setup the switch for to use radius over http/https I get the following error:
Insufficient Privilege Level
The web page is non-accessible. Please use the valid privilege level.
The ssh and telnet work fine but not sure how to configure the privilege level for http/https use since my user account is already priv 15.
Thanks,
-Joe
I configured the switch for Radius over ssh and telnet. However, when I setup the switch for to use radius over http/https I get the following error:
Insufficient Privilege Level
The web page is non-accessible. Please use the valid privilege level.
The ssh and telnet work fine but not sure how to configure the privilege level for http/https use since my user account is already priv 15.
Thanks,
-Joe
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
09-24-2020 08:23 AM
Just an update; Radius now working using attribute / value Cisco-AVPair=shell:priv-lvl=15.
/Hans Gudmund
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-30-2020 12:13 PM
Hi Joe,
I am currently trying to configure radius (using freeradius) for some ISW switches but without success. I have been searching around and found this post. Out of curiosity; what attribute and value did you use to get privilege level whit ssh-login? I have tried priv-lvl = 15 but this doesn’t seem to work, and so far I have only been able to get read-access.
Best regards,
Hans Gudmund
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-22-2018 11:03 AM
Thanks Roxanne, I'm not sure if this will fix the issue on the Extreme switch though. Unless you are referring to configuring the uplink switch for this. I do have the extreme switch connected to a CISCO 2960.
-Joe
-Joe
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-22-2018 08:25 AM
Hi Joe,
Cisco IOS Software with the HTTP V1.1 ServerIn releases of Cisco IOS Software with the HTTP V1.1 server, the HTTP sessions do not use vtys. They use sockets.
HTTP V1.1 Server - Before Cisco Bug ID CSCeb82510Before the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP V1.1 server has to use the same authentication and authorization method that is configured for the console.
Cisco IOS Software with the HTTP V1.1 ServerIn releases of Cisco IOS Software with the HTTP V1.1 server, the HTTP sessions do not use vtys. They use sockets.
HTTP V1.1 Server - Before Cisco Bug ID CSCeb82510Before the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP V1.1 server has to use the same authentication and authorization method that is configured for the console.
ip http server ! aaa new-model aaa authentication login CONSOLEandHTTP radius local aaa authorization exec CONSOLEandHTTP radius local ! ip http authentication aaa ! line con 0 login authentication CONSOLEandHTTP authorization exec CONSOLEandHTTPHTTP V1.1 Server - After Cisco Bug ID CSCeb82510With the integration of Cisco bug ID CSCeb82510 (registered customers only) in Cisco IOS Software Releases 12.3(7.3) and 12.3(7.3)T, the HTTP server can use independent authentication and authorization methods of its own, with new keywords in the ip http authentication aaa command. The new keywords are:
router(config)#ip http authentication aaa command-authorization listname router(config)#ip http authentication aaa exec-authorization listname router(config)#ip http authentication aaa login-authentication listnameThis is example output:
ip http server ! aaa new-model aaa authentication login HTTPonly radius local aaa authorization exec HTTPonly radius local ! ip http authentication aaa ip http authentication aaa exec-authorization HTTPonly ip http authentication aaa login-authentication HTTPonlyDebugIssue these debug commands in order to troubleshoot problems with HTTP authentication/authorization:
debug ip tcp transactions debug modem !--- If you use the HTTP 1.0 server. debug ip http authentication debug aaa authentication debug aaa authorizationdebug radius
