Ethernet Switches & Routers

Reply
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013
Accepted Solution

Radius W2k8 + ICX6450 Config

‎04-05-2017 01:29 PM

Hi all,

i want to know if someone have a document for windows 2k8 RADIUS service and brocade switches (firmware version 8) to configure it.

I try with a diferent document but no one its worked

 

Can i do a domain user authenticate with his credential in a switch?

maybe i wrong with i try to do.

Sorry for my bad english and thanks

Nicolas

Report Inappropriate Content
Message 1 of 19 (2,714 Views)
0 Kudos
Mick.Day
Former Brocadian
Mick.Day
Posts: 238
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

‎04-06-2017 12:56 AM

Hi Nicolas,

 

There is a previous thread that should help

 

https://community.brocade.com/t5/Ethernet-Switches-Routers/FWS-2k8-NPS-RADIUS/m-p/27299#M1874

 

Hopefully this should provide some assistance

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Report Inappropriate Content
Message 2 of 19 (2,685 Views)
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

‎04-07-2017 11:43 AM



Hi Mick and thanks por the link.


maybe can help becouse i try config but doesnt work because in the switch say "wrong user or password"

here my config

Switch:

aaa authentication enable default radius
aaa authentication login default radius
aaa authorization exec default radius
ip address 172.20.2.208 255.255.0.0
ip dns server-address 172.20.1.203
no ip dhcp-client enable
!
radius-server host 172.20.4.230
radius-server key 2 $UyFnQHNVIVpRM1k=
!


Windows 2k8 Radius server (172.20.4.230): I attach the capture

 

 Again sorry but i new with configure another authentication mode

 

Report Inappropriate Content
Message 3 of 19 (2,652 Views)
0 Kudos
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

‎04-07-2017 12:51 PM

I attach the traffic capture with wireshark 

 

 

Report Inappropriate Content
Message 4 of 19 (2,641 Views)
0 Kudos
Highlighted
Mick.Day
Former Brocadian
Mick.Day
Posts: 238
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

‎04-10-2017 01:00 AM

Hi,

 

Have you got the vendor specific attribute configured as descibied in document and also have you looked at the Radius section of the Configuration Guide here

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Report Inappropriate Content
Message 5 of 19 (2,549 Views)
0 Kudos
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

‎04-10-2017 06:21 AM

How  Mike, thanks for replying again.

From what I understand in the manual, it refers to the Brocade ID, right? I already had it configured. I attached a screenshot  to see if we are talking about the same thing.

Again thank you very much

Report Inappropriate Content
Message 6 of 19 (2,536 Views)
0 Kudos
Mick.Day
Former Brocadian
Mick.Day
Posts: 238
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

‎04-10-2017 06:55 AM

Hi,

 

I have not configured this myself on W2K8 but, once you have the Vendor-ID 1991 configured then you need to specify the Attributes that you wish the RADIUS server to return.

 

Attribute ID 1 (foundry-privilege-level) with a value set to one of the following values depending on whats required

 

0 - Super User level
4 - Port Configuration level
5 - Read Only level

 

This attribute will then be returned with Access-Accept packet sent by the RADIUS server when user logs in with a valid username/password

 

I am now looking again at your capture and I see that when user logs in the RADIUS server is sending an Access-Reject which would seem to indicate that the username/password was not accepted, you will need to work out why this is happening you must get an Access Accept before any other attributes can be passed on by RADIUS

 

I would suggest configuring a simple username/password combination for testing

 

The entire setup process is well documented here and the Authentication process here

 

Hope this helps

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Report Inappropriate Content
Message 7 of 19 (2,527 Views)
0 Kudos
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

‎04-10-2017 01:13 PM

Hi Mike, I read the documentation that you gave me and compare it with my configuration and everything would be fine (in the switch)

I think because the error message I see in wireshark is that the problem comes from something bad configure on the RADIUS server in Windows.

If my domain is CABA (the user group allowed in RADIUS is "CABA \ technology") when I have to login in swtich, would it be the user alone ?
or "CABA \ username"
or"user"
or "user@caba.com"?
Because it is rare that the message is "bad user or password"

Thanks again
Report Inappropriate Content
Message 8 of 19 (2,518 Views)
0 Kudos
Mick.Day
Former Brocadian
Mick.Day
Posts: 238
Registered: ‎06-30-2010

Re: Radius W2k8 + ICX6450 Config

‎04-11-2017 01:02 AM

Hi,

 

Yes agreed the configuration you have on the switch looks fine

 

Just noticed you are using CHAP have you tried setting up using PAP (unencrypted) rather than CHAP

 

Regards

Mick


If my response has solved your query please click the "Accept as Solution" button.

Any and all information provided by me is not reviewed, approved or endorsed by Brocade and is provided solely as a convenience for Brocade customers.

All systems and all networks are different and unique. If you have a service affecting network problem, please open a TAC service request for service through Brocade, or through your OEM equipment provider.
Report Inappropriate Content
Message 9 of 19 (2,485 Views)
0 Kudos
regadmin
Contributor
regadmin
Posts: 21
Registered: ‎02-01-2013

Re: Radius W2k8 + ICX6450 Config

‎04-11-2017 05:43 AM

Hi Mick and thanks again for your help.

 

I setting up PAP in the radius server (i attach a capture) and doesnt work =( . I attach too a screenshot from wireshark with PAP. 

I really dont know what to do with this because i dont see nothing of this in internet :s

 

Thanks 

 

Nicolas 

 

Report Inappropriate Content
Message 10 of 19 (2,465 Views)
0 Kudos

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.

Register