
3 Different Switch Vendors with Same Users

athrax
Posts: 11
16.04.2020
Hi,

I have HP (H3C), Cisco and Extreme switches on my network and I created new users for switch management access. I configured a user in the default group and I added 1 Extreme switch with the IETF config. I can log in to Extreme switches with my config. As you know, Cisco uses different attribute types from Extreme, and so does HP. How should I configure my user for all switches?

The Extreme config is attached; I configured this under the user settings.
edited by athrax on 16.04.2020

Attachments:
extreme config.PNG

Admin
Administrator
Posts: 4992
16.04.2020
Please see for Cisco https://forums.tekradius.com/topic262-configuration-on-tekradius-for-authentication.aspx and https://techhub.hpe.com/eginfolib/networking/docs/switches/WB/15-18/5998-8152_wb_2920_asg/content/ch06s04.html for HP

athrax
Posts: 11
16.04.2020
Sorry, but I am not asking "how can I configure this on Cisco or HP". My question is:

How can I use the same user for different switches? I attached 1 image for you. This is for Extreme switches.

I have to change the attributes for each switch. How can I use my test user for 3 vendors? All vendors need a different attribute config. I cannot find a solution for this. Please check the attachment.


Thanks for the great support.



Attachments:
switchradius.PNG

Admin
Administrator
Posts: 4992
16.04.2020
Let's assume that the switches have the following IP addresses:

Cisco 192.168.1.1
HPC 192.168.1.2
Extreme Cisco 192.168.1.3

Create 3 group profiles with the following attributes (create the Extreme group first, then HPC, and the Cisco group last):

Cisco
NAS-IP-Address = 192.168.1.1 (Check)
Next-Group = HPC (Check)
cisco-avpair = shell:priv-lvl=15 (Success-Reply)
Service-Type = NAS-Prompt (Success-Reply)

HPC (I'm not sure of your model, but try)
Next-Group = Extreme (Check)
NAS-IP-Address = 192.168.1.2 (Check)
H3C-Exec-Privilege = Manage (Success-Reply)
Login-Service = Telnet (Success-Reply)

Extreme
NAS-IP-Address = 192.168.1.3 (Check)
Service-Type = Administrative (Success-Reply)
Framed-Protocol = PPP (Success-Reply)

Create a user profile named Test, added to the "Cisco" group, with
User-Password = (Your password) (Check)
edited by Admin on 16.04.2020

athrax
Posts: 11
16.04.2020
Hi again,

Firstly, thank you very much for your great support. I understand your method.

I added my vendors in the order Extreme, HP and then Cisco, but the software sorts them A>Z, as you can see in the picture. Which sorting method should I use?

Attachments:
rdsorting.PNG

athrax
Posts: 11
16.04.2020
And sorry for my mistake. You are using NAS-IP-Address, but I have many devices on my network. How can I filter by NAS vendor type or network subnets?

Admin
Administrator
Posts: 4992
16.04.2020
Can you send me sample authentication requests for each switch? Please set Logging = Sessions at Settings / Service Parameters and examine the TekRADIUS log, accessible through the File menu of TekRADIUS Manager.

athrax
Posts: 11
17.04.2020
When I want to add a check attribute for Next-Group, I cannot see the other groups in the menu. I restarted the services, and closed and reopened the application, and the result is the same. You can see it in the photo.

athrax
Posts: 11
17.04.2020
Next Group problem photo attached

Attachments:
radnogroup.png

Admin
Administrator
Posts: 4992
18.04.2020
Please apply the update at https://www.kaplansoft.com/tekradius/release/TekRADIUS-Update.zip and try again.

athrax
Posts: 11
20.04.2020
Firstly, thank you very much for your support.

I can now configure the Next-Group algorithm, and I configured all devices and tested them. Everything is fine and working with 1 HP, 1 Extreme and 1 Cisco.
I am using Comware 7 on my HP switches; I found the switch attributes on the web and configured them as well.


Now we have a new problem. Could you help us with that? Thanks in advance.

SCENARIO:

-- We have 3 HP switches, 5 Cisco switches, 4 Extreme switches, 1 Aruba WLC and 1 Checkpoint FW in the same subnet.


For this scenario, we should create groups for each vendor type. We can select our group attributes with the Next-Group (Check) command. But at this time we cannot add a second or third IP address to the group attributes: when you want to add a new Cisco device with the NAS IP (Check) command, it updates the current entry.

What is the solution for this scenario? How can we select our device without NAS IP? The NAS IP checking method is not usable. Can we check devices with a different method, like device vendor? (We choose the device vendor type when adding a NAS client; can we use it in the group configuration as the device checking method?)

You may check the attachment.

Thanks a lot again.

Attachments:
radproblem.png

Admin
Administrator
Posts: 4992
20.04.2020
You can concatenate multiple IP addresses like 10.2.63.220;10.2.63.225

athrax
Posts: 11
20.04.2020
Thanks, but I have many devices. Can I check devices with a different algorithm? Can we do this job with just NAS IP?

Thanks

Admin
Administrator
Posts: 4992
20.04.2020
I need sample authentication requests from each switch. I may recommend an alternative method if I can find a difference.

athrax
Posts: 11
20.04.2020
You may find the switch samples in the attachment.


Admin
Administrator
Posts: 4992
20.04.2020
It looks like you can use NAS-Identifier to distinguish Extreme and HP switches.

athrax
Posts: 11
20.04.2020
NAS identifiers are the switches' hostnames, and every switch has a different hostname.

I edited this and the RADIUS IP when I sent it to you.
0 link
Admin
Admin
Administrator
Posts: 4992


20.04.2020
Admin
Admin
Administrator
Posts: 4992
TekRADIUS can perform regular expression based matching with Enterprise license. You can add prefixes for NAS identifiers in switch configurations. For instance HP- for HP, Extreme- for Extreme switches and you can add NAS-Identifier = HP* as a check attribute to HP group.
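
Added example, not part of any post in this thread and not TekRADIUS code: a simplified Python model of the group chain discussed above, combining the Next-Group profiles, the `;`-separated NAS-IP-Address list and the NAS-Identifier prefix check. It assumes that the first group whose check attributes all match supplies the reply attributes and that `*` acts as a trailing wildcard; `resolve`, `check_matches` and the sample requests are hypothetical names and constructed values.

```python
from fnmatch import fnmatchcase

# Group chain from this thread. The second Cisco IP is constructed; the "HP*" and
# "Extreme*" checks follow the NAS-Identifier prefixes suggested above.
GROUPS = {
    "Cisco": {
        "check": {"NAS-IP-Address": "192.168.1.1;192.168.1.10"},
        "next": "HPC",
        "reply": {"cisco-avpair": "shell:priv-lvl=15", "Service-Type": "NAS-Prompt"},
    },
    "HPC": {
        "check": {"NAS-Identifier": "HP*"},
        "next": "Extreme",
        "reply": {"H3C-Exec-Privilege": "Manage", "Login-Service": "Telnet"},
    },
    "Extreme": {
        "check": {"NAS-Identifier": "Extreme*"},
        "next": None,
        "reply": {"Service-Type": "Administrative", "Framed-Protocol": "PPP"},
    },
}


def check_matches(expected, actual):
    """True if the request value equals one ';'-separated entry or fits its '*' pattern."""
    if actual is None:
        return False
    return any(fnmatchcase(actual, pattern) for pattern in expected.split(";"))


def resolve(first_group, request):
    """Walk the chain from the user's group; return (group, reply) or (None, None)."""
    visited = set()
    name = first_group
    while name is not None and name not in visited:  # guard against a Next-Group loop
        visited.add(name)
        group = GROUPS[name]
        if all(check_matches(v, request.get(k)) for k, v in group["check"].items()):
            return name, group["reply"]
        name = group["next"]
    return None, None  # no group matched: model this as a reject, never a default grant


# Constructed requests: a Cisco by IP, an HP by hostname prefix, an unknown device.
if __name__ == "__main__":
    for req in ({"NAS-IP-Address": "192.168.1.10"},
                {"NAS-IP-Address": "192.168.1.2", "NAS-Identifier": "HP-access-03"},
                {"NAS-IP-Address": "192.168.1.100", "NAS-Identifier": "lab-sw"}):
        print(req, "->", resolve("Cisco", req)[0])
```

In this model a device that matches no group, or whose address merely starts with a listed IP, gets no reply attributes at all, which is the behaviour to confirm on the real server before relying on prefixes for privilege assignment.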

athrax
Posts: 11
20.04.2020
Thanks a lot. I will test it.

And how can I bulk insert NAS clients? I want to add my switches (85 of them) with a bulk insert. Can I do this?

Admin
Administrator
Posts: 4992
20.04.2020
You can send your system id displayed at help / about menu of TekRADIUS Manager to info@kaplansoft.com to obtain a trial key.

Set Password Protection = Clear Text and execute the following SQL statement to insert a client entry directly into the TekRADIUS database:


Insert into [Clients] ([ClientIP], [Secret], [Vendor], [UserRegEx], [Enabled], [KillCommand], [InterimUpdatePeriod]) Values ('Client IP Address', 'Secret', VendorId, '', '1', '', '0')

VendorId values: Cisco = 311, HP = 11, Extreme = 1916


You can set Password Protection = Reversible Encryption after inserting client entries.
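
Added example, not part of the post above and not Kaplansoft code: a Python sketch that turns a switch inventory into one INSERT statement per client, using the column list and VendorId values given in the post. The CSV layout, the function names and the sample rows are constructed assumptions; IP addresses are validated and single quotes in secrets are doubled so a secret cannot break out of its SQL string literal.

```python
import csv
import io
import ipaddress

# VendorId values as given in the post above.
VENDOR_IDS = {"cisco": 311, "hp": 11, "extreme": 1916}

# Constructed sample inventory; a real one would come from a file with the same header.
INVENTORY_CSV = """ip,secret,vendor
192.168.1.1,constructed-secret-A,Cisco
192.168.1.2,it's-constructed-B,HP
192.168.1.3,constructed-secret-C,Extreme
"""


def sql_literal(value):
    """Quote a string as a SQL literal, doubling embedded single quotes."""
    return "'" + value.replace("'", "''") + "'"


def build_inserts(csv_text):
    """Return one INSERT per row; raise on a bad IP, unknown vendor, empty secret or duplicate."""
    statements, seen = [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        ip = str(ipaddress.ip_address(row["ip"].strip()))  # ValueError if not an IP
        vendor = row["vendor"].strip().lower()
        if vendor not in VENDOR_IDS:
            raise ValueError(f"unknown vendor for {ip}: {row['vendor']!r}")
        if not row["secret"]:
            raise ValueError(f"empty shared secret for {ip}")
        if ip in seen:
            raise ValueError(f"duplicate client {ip}")
        seen.add(ip)
        statements.append(
            "Insert into [Clients] ([ClientIP], [Secret], [Vendor], [UserRegEx], "
            "[Enabled], [KillCommand], [InterimUpdatePeriod]) Values "
            f"({sql_literal(ip)}, {sql_literal(row['secret'])}, {VENDOR_IDS[vendor]}, "
            "'', '1', '', '0')"
        )
    return statements


if __name__ == "__main__":
    print(";\n".join(build_inserts(INVENTORY_CSV)) + ";")
```

The generated script contains every shared secret in clear text, so it should be handled like a credential file and removed once the clients are inserted and Password Protection is set back as described in the post.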