Enterprise

Community Forums Switches

Access CE6810 switch by r...

Access CE6810 switch by radius authentication

Created: May 4, 2018 07:03:59Latest reply: May 11, 2018 06:49:50 1189 1 0 0

display all floors ^#1

Fault Type	Operation and maintenance >> Login
Issue Description	Customer want to configuration the radius authentication when access the switch use SSH.But it can’t working after configuration the radius Switch is CE6810-32T16S4Q-LI Version V200R002C50SPC800 Current configuration as follow: radius server group stmb radius server shared-key-cipher %^%#7&\|^Cp[sxP@`&fW1ec!;M96IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary aaa authentication-scheme auth authentication-mode radius domain default # domain default_admin # domain huawei authentication-scheme auth radius server group stmb stelnet ipv4 server enable stelnet ipv6 server enable ssh user localadmin ssh user localadmin authentication-type password ssh user localadmin service-type stelnet ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep # ssh client first-time enable ssh client 172.18.10.12 assign ecc-key 172.18.10.12 # user-interface vty 0 4 authentication-mode aaa
Alarm Information
Handling Process	First、check the configuration of radius found customer does not configuration the domain-excluded so when login it need add the domain name.After add the domain name, it still give fail Second、check the ssh configuration we found customer loss the command “ssh authentication-type default password” after add the command it can authentication success now. but the user level is too low can input any command. Third、check the user privilege level and change it to 3.
Root Cause	Configuration is wrong with SSH and radius domain.
Solution	Change the configuration as bellow: radius server group stmb radius server shared-key-cipher %^%#7&\|^Cp[sxP@`&fW1ec!;M96IuO38aQ$C=U/25=%^%# radius server authentication 172.18.10.141 1645 radius server authentication 172.18.10.157 1645 secondary radius server accounting 172.18.10.141 1646 radius server accounting 172.18.10.157 1646 secondary radius server user-name domain-excluded aaa default-domain admin Huawei authentication-scheme auth authentication-mode radius domain huawei authentication-scheme auth radius server group stmb stelnet ipv4 server enable ssh authentication-type default password ssh authorization-type default aaa # ssh server cipher aes256_ctr aes128_ctr ssh server hmac sha2_256_96 sha2_256 sha1_96 ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep ssh client first-time enable user-interface vty 0 4 authentication-mode aaa user privilege level 3
Suggestions	Make sure the radius and ssh configuration correct.

x
convention：

Helpful (0) Favorite(0) Report

yangyong Created May 11, 2018 06:49:50

Thank you for sharing.

x
convention：

Comment

Notice

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:

Politically sensitive content
Content concerning pornography, gambling, and drug abuse
Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy

Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."