This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

External Radius Logins for AAA Network authentication "monitor only"

External Radius Logins for AAA Network authentication "monitor only"

Go to solution
Aaron_Becker
New Contributor II

‎01-14-2019 03:41 PM

Currently working on a NX5500 Controller and we cannot get the administrative logins (SSH, HTTPS) to work with Radius. We are able to log in as a Radius user, but are unable to edit anything. Below is the config from the CLI.

aaa-policy AAA-RADIUS-AUTH
authentication server 1 host 192.168.0.1 secret 0 12345

radius-group network-radius-authentication-group
policy access web ssh telnet console
policy role superuser

management-policy CONTROLLER-RADIUS
no telnet
no http server
https server
rest-server
no ftp
ssh
user admin password 1 b967e3847818d317f14c61785831183139a351123a98706f77fc983f6142879f role superuser access all
no snmp-server manager v3
aaa-login radius fallback
aaa-login radius policy AAA-RADIUS-AUTH

We've followed
https://extremeportal.force.com/ExtrArticleDetail?an=000081612

What are we missing?

0 Kudos
1 ACCEPTED SOLUTION
4 REPLIES 4

Go to solution
Aaron_Becker
New Contributor II

‎01-20-2019 06:30 PM

Thanks. I hadn't seen that documentation before. Much appreciated!
0 Kudos

Go to solution
Aaron_Becker
New Contributor II

‎01-14-2019 09:45 PM

Yes, and as you can see in my above CLI posts, I configured that. I think I'm missing something between the Radius groups and the actual radius server. I don't think it's actually checking the radius server for the group permissions, since that isn't really how radius works in the first place. Is it perhaps using LDAP on the backend to find the user groups permissions?
0 Kudos

Go to solution
Ronald_Dvorak
Honored Contributor

‎01-14-2019 09:42 PM

I'ver never configured it but could it be that the KB article includes the problem/answer....

"AAA login requires also RADIUS group | role to be assigned to an account, otherwise it will be using monitor privileges only.
If you want to set different level of access, you have to create specific RADIUS groups, i.e.:"
0 Kudos
GTM-P2G8KFN