Hello All,
I've been toying with this for a few days and I was wondering if anyone could give me a hand.
I want to use Server 2008 R2 as a RADIUS authenticator for ssh, http, and telnet access to Alcatel 6400s. I've set up a generic 2008 R2 RADIUS server according to these instructions (I know it's for a Cisco ASA, but from my understanding, this was for generic authentication):
http://www.ranjodh.com/networking/setup ... cisco-asa/
Is there anything besides this that would need to be set up? I know in the Network Configuration Guide there are VSAs, but from what I understand they're just for the accounting portion of the server?
Any help would be greatly appreciated. I've been googling this and trying to set something up according to the limited information in the Alcatel guides.
Thanks!,
E
Basic RADIUS Authentication
-
ehenry24
Re: Basic RADIUS Authentication
All set. I had missed the single line hidden in a paragraph with the Vendor Code for Alcatel, which is 800, for anyone who has any troubles.
RADIUS up and running.
If anyone has any questions, feel free to PM me.
Thanks!,
Ed
-
ehenry24
Re: Basic RADIUS Authentication
OK,
So I got it to work for authentication into the switch, but I'm having a bit of trouble running commands on the switch.
I have the VSA 41 and 42 set to 0xffffffff, and this, according to the show aaa priv hexa all command, should give access to everything on the switch as seen below, but it isn't allowing me to do anything besides show commands...
Test-6400-> show aaa priv hexa all
0xffffffff 0xffffffff
I've found in other forums you're supposed to add the sum of the hexa values to get the priv level you want, but 0xffffffff should be the sum of everything?
Thanks!,
E
-
ehenry24
Re: Basic RADIUS Authentication
OK....
With Windows Server 2008R2, instead of listing 0xffffffff for full access, you should have ffffffffff for full access.
At least I'm able to do functions I wasn't previously able to do.
Let me know if you find anything else out.
Thanks!,
E
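To check what a RADIUS server actually sends for the two privilege attributes discussed in the posts above, this added example (not written by any poster in this thread, and not Alcatel or Microsoft code) builds and decodes RFC 2865 Vendor-Specific attributes for vendor code 800 and shows how a value entered as a 4-byte number differs on the wire from the same digits entered as text. It assumes attributes 41 and 42 travel as sub-attributes of the standard type-26 attribute; the sample bytes are constructed, not captured.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type for Vendor-Specific
ALCATEL_VENDOR_ID = 800   # vendor code quoted in the thread

def build_vsa(vendor_id, vendor_type, value):
    """Encode one RFC 2865 Vendor-Specific attribute holding one sub-attribute."""
    if len(value) > 255 - 8:
        raise ValueError("value too long for one attribute")
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub

def parse_vsas(attrs, vendor_id=ALCATEL_VENDOR_ID):
    """Return {vendor_type: raw value bytes} for one vendor from an attribute list."""
    found, pos = {}, 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC or len(body) < 4:
            continue  # not a vendor-specific attribute
        if struct.unpack("!I", body[:4])[0] != vendor_id:
            continue  # some other vendor's attribute
        sub, i = body[4:], 0
        while i + 2 <= len(sub):
            s_type, s_len = sub[i], sub[i + 1]
            if s_len < 2 or i + s_len > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found[s_type] = sub[i + 2:i + s_len]
            i += s_len
    return found

def describe(value):
    """Label a value as a 4-byte bitmask, or as text for any other length."""
    if len(value) == 4:
        return "mask 0x%08x" % struct.unpack("!I", value)[0]
    return "text %r (%d bytes)" % (value.decode("ascii", "replace"), len(value))

# Constructed sample: attribute 41 as a 4-byte number, 42 as typed text.
SAMPLE = (build_vsa(ALCATEL_VENDOR_ID, 41, struct.pack("!I", 0xFFFFFFFF))
          + build_vsa(ALCATEL_VENDOR_ID, 42, b"0xffffffff"))

if __name__ == "__main__":
    for vtype, raw in sorted(parse_vsas(SAMPLE).items()):
        print(vtype, describe(raw))
```

Feeding `parse_vsas` the attribute bytes of an Access-Accept taken from a packet capture shows the length and content of each privilege value the server returned, which is the quickest way to confirm that a policy grants the mask you intended and nothing broader.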
-
devnull
Re: Basic RADIUS Authentication
Just curious: how do you identify which switch is to apply a specific CPR?
E.g. having core switches with different rules?
As far as I found out you can add constraints/conditions for IP address, but this is "AND", which is dumb, so if I have 50 switches I have to create 50 NPS policies (at least if you don't have a specific range/network - ranges and wildcards afaik only work in W2k8R2 Enterprise and Datacenter).
