Tim_Jr


HP ProCurve and IAS

Hi experts. I'm looking to set up my HP ProCurve 2610 with RADIUS authentication. I'm familiar with the Cisco implementation as far as AAA and the policy setup on the server...
But I'm having problems with the IAS policies and the exact setup on the ProCurve. I know some commands are a little different. I would appreciate the commands I need to set up RADIUS authentication on the ProCurve and the policy setup I need on my Windows 2003 Server. Thank you much.
Istvan Kalmar

Tim_Jr

ASKER

I'm just trying to set up the RADIUS authentication for logging into the switch via web and SSH. I'm not looking to do switch port authentication with the IAS server.

Anyway, I found those links already. I followed the steps but it is not working. My concern is with the IAS policy; basically it tells you to set up a policy to authenticate based upon a Windows group membership. I understand that, but the policy has to be more in depth than just that. The Cisco policy I set up was more detailed and I imagine this must be somewhat of a similar setup.
Tim_Jr

ASKER

OK, as of right now I have it set up where I am getting authenticated from the RADIUS server, but I am still not able to log in to the switch. Here is my config for the switch:

console inactivity-timer 15
no telnet-server
ip default-gateway 172.16.1.242
sntp server 172.16.1.97
timesync sntp
vlan 1
   name "DEFAULT_VLAN"
   untagged 1-28
   ip address 172.16.1.240 255.255.255.0
   exit
aaa authentication login privilege-mode
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
radius-server host 172.16.1.11 key secretkey1
ip ssh
password manager

When I attempt to log in to the switch with my domain credentials, I see in the IAS log that it is authenticating my credentials, but I am still not authorized to get into the switch for some reason. The switch log shows:


I 01/01/90 17:57:16 ip: network enabled on 172.16.1.240
I 01/01/90 17:59:40 mgr: SME SSH from 172.16.2.15 - MANAGER Mode
W 01/01/90 18:14:59 auth: Invalid user name/password on SSH session
W 01/01/90 18:19:10 auth: Invalid user name/password on SSH session

ASKER CERTIFIED SOLUTION
Tim_Jr

This solution is only available to members.