cancel
Showing results for 
Search instead for 
Did you mean: 

Radius Authentication

Radius Authentication

Walt_Witkowski
New Contributor II
We are currently using radius and duo for 2FA authentication on X460 series switches.  This works for SSH sessions to the switch and all commands are available/enabled.  However when we console in to the switch it appears that certain commands are not allowed even though we have admin rights. 
a86551427a0d4528b8aab0a56c787f35.png
Why does this not work for console but does for SSH.   Console login works but certain commands are rejected.  Is this a radius configuration issue or is this normal operation.  
Slot-2 P_MD_A150_SW_EDG_1_EX.dccc.edu.1 # show configuration | include radius
configure radius mgmt-access primary server x.x.x.x 1812 client-ip 172.27.199.5 vr VR-Default
configure radius mgmt-access primary shared-secret encrypted "#$J9WNJaSQ1eHIOhdJO1VL78Q6PC1eZ13rqhXmyvWt3ddfY39Jxr8="
configure radius mgmt-access secondary server x.x.x.x 1812 client-ip 172.27.199.5 vr VR-Default
configure radius mgmt-access secondary shared-secret encrypted "#$v0UTcC99FgyQ+NNwyWsDp1QflagMx/bKKPVVI0v55krcW1keOf0="
enable radius mgmt-access
configure radius mgmt-access timeout 20

thanks in advance
2 REPLIES 2

CThompsonEXOS
Extreme Employee
Regarding the it works in console but not via ssh.

It looks like the configuration gathered is from Slot-2(master) and the commands in the screenshot are being ran from a standby/backup slot.

Is you console in to Slot-2 and log in via with radius controls, it should work as expected.

Thanks,
Chris Thompson

CThompsonEXOS
Extreme Employee
Hi Walt,

Based on the ">", you have user rights being assigned via radius.  The radius server needs to be configured to send Service-Type 6:

https://extremeportal.force.com/ExtrArticleDetail?an=000078945

Thanks,
Chris Thompson
GTM-P2G8KFN