Access CE6810 switch by radius authentication

Latest reply: May 11, 2018 06:49:50
 Fault Type Operation and maintenance >> Login
 Issue Description
The customer wants to configure RADIUS authentication for SSH access to the switch, but it does not work after RADIUS is configured.

The switch is a CE6810-32T16S4Q-LI, version V200R002C50SPC800.

The current configuration is as follows:

radius server group stmb
 radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%#
 radius server authentication 172.18.10.141 1645
 radius server authentication 172.18.10.157 1645 secondary
 radius server accounting 172.18.10.141 1646
 radius server accounting 172.18.10.157 1646 secondary

aaa
 authentication-scheme auth
  authentication-mode radius
 domain default
 #
 domain default_admin
 #
 domain huawei
  authentication-scheme auth
  radius server group stmb

stelnet ipv4 server enable
stelnet ipv6 server enable
ssh user localadmin
ssh user localadmin authentication-type password
ssh user localadmin service-type stelnet
ssh authorization-type default aaa
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256_96 sha2_256 sha1_96
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep
#
ssh client first-time enable
ssh client 172.18.10.12 assign ecc-key 172.18.10.12
#
user-interface vty 0 4
 authentication-mode aaa

 Alarm Information

 Handling Process

First, we checked the RADIUS configuration and found that the customer had not configured domain-excluded, so the domain name had to be added at login. After adding the domain name, login still failed.

Second, we checked the SSH configuration and found that the customer was missing the command “ssh authentication-type default password”. After adding the command, authentication succeeded, but the user level was too low to input any command.

Third, we checked the user privilege level and changed it to 3.
 Root Cause

The SSH and RADIUS domain configuration is wrong.
 Solution
Change the configuration as below:


radius server group stmb
 radius server shared-key-cipher %^%#7&|^Cp[sxP@`&fW1ec*!;M96*IuO38aQ$C=U/25=%^%#
 radius server authentication 172.18.10.141 1645
 radius server authentication 172.18.10.157 1645 secondary
 radius server accounting 172.18.10.141 1646
 radius server accounting 172.18.10.157 1646 secondary
 radius server user-name domain-excluded
aaa
 default-domain admin Huawei
 authentication-scheme auth
  authentication-mode radius
 domain huawei
  authentication-scheme auth
  radius server group stmb

stelnet ipv4 server enable
ssh authentication-type default password
ssh authorization-type default aaa
#
ssh server cipher aes256_ctr aes128_ctr
ssh server hmac sha2_256_96 sha2_256 sha1_96
ssh server key-exchange dh_group_exchange_sha256 dh_group_exchange_sha1 ecdh_sha2_nistp256 ecdh_sha2_nistp384 ecdh_sha2_nistp521 sm2_kep
ssh client first-time enable

user-interface vty 0 4
 authentication-mode aaa
 user privilege level 3

 Suggestions

Make sure the RADIUS and SSH configuration is correct.
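
Added example, not part of the original post: a small Python check that reads a configuration dump and reports the three gaps named in the Handling Process above. The sample text is constructed from the post's "before" configuration with the shared key replaced by a placeholder; the finding names are hypothetical, and the parser assumes the dump keeps the switch's own indentation.

```python
import re

# Constructed sample: a trimmed copy of the post's "before" configuration,
# indented as the switch prints it, shared key replaced by a placeholder.
BEFORE = """\
radius server group stmb
 radius server shared-key-cipher <placeholder>
 radius server authentication 172.18.10.141 1645
aaa
 authentication-scheme auth
  authentication-mode radius
 domain huawei
  authentication-scheme auth
  radius server group stmb
stelnet ipv4 server enable
ssh authorization-type default aaa
user-interface vty 0 4
 authentication-mode aaa
"""

def sections(config):
    """Group indented lines under the unindented line that opens their view."""
    views, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            continue
        if raw[0].isspace():
            if current is not None:
                views[current].append(line)
        else:
            current = line
            views[current] = []
    return views

def audit(config):
    """Return finding IDs (hypothetical names) for the three gaps in the post."""
    views, findings = sections(config), []
    for head, body in views.items():
        # Step 1 of the post: the RADIUS group does not strip the domain name.
        if head.startswith("radius server group ") and \
                "radius server user-name domain-excluded" not in body:
            findings.append("radius-domain-not-excluded:" + head.split()[-1])
        # Step 3 of the post: AAA on the VTY lines but no privilege level set there.
        if head.startswith("user-interface vty") and "authentication-mode aaa" in body \
                and not any(re.fullmatch(r"user privilege level \d+", l) for l in body):
            findings.append("vty-no-privilege-level")
    # Step 2 of the post: STelnet enabled but no default SSH authentication type.
    if any(h.startswith("stelnet ") for h in views) and \
            "ssh authentication-type default password" not in views:
        findings.append("ssh-default-auth-type-missing")
    return findings

if __name__ == "__main__":
    for finding in audit(BEFORE):
        print(finding)
```

A finding means a setting the post relied on is absent from the dump; it is a prompt to review that view, not proof of a fault.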

yangyong
Created May 11, 2018 06:49:50

Thank you for sharing.