• September 21, 2018, 02:32:40 PM
Welcome, Guest. Please login or register. Registration is free.
Did you miss your activation email?

Author Topic: Help needed with Avaya 3524 and Radius  (Read 1263 times)

0 Members and 1 Guest are viewing this topic.

Offline Kenzler

  • Rookie
  • **
  • Posts: 4
Help needed with Avaya 3524 and Radius
« on: June 08, 2016, 10:08:33 AM »
Afternoon all,
I've been tasked with setting up Radius so we can authenticate our edge switches using are AD logins.
New to Radius so please forgive my stupidity if this is obvious but im at a loss now.

I've got our systems team to setup a MS server 2012 VM.
I then installed the NPS add-in and authenticated against our AD Server.
I created a Group and added my AD username within this. The group type is set to "Security" and not "Distribution"

I created a Shared Secret key under "Templates Management" within NPS.

Under Radius Clients I add a new client, Its enabled, has a friendly name and IP address.  Shared Secret template applied. Under Advanced I added Nortel Networks.

Under Network Policies I select new.  Name is given and the type of network access server is set to "Unspecified" and then select next.

Under conditions I select "User Group" and add the AD group I created at the start.  I have also tried to add client friendly name but it made no change.

Access permission is left at default which is grant access

Not 100% sure what the Authentication methods should be setup as but looking at Cisco vids its POP,SPAP so I went with this.

Under Radius Attributes I set the Service-Type to "login"


On the 3524 I used the following

Radius server host <server IP> key <shared key>
Radius-server password fallback
Cli password telnet radius
Radius reachability use-icmp

I can log in with the local account still but it says "Access Denied"

I'm stuck at this stage.
I've tried so many different variations im lost myself.   :(
Any help or advice would be great. 

Thank you all
Alex


Offline Charles

  • Rookie
  • **
  • Posts: 15
Re: Help needed with Avaya 3524 and Radius
« Reply #1 on: June 08, 2016, 10:27:32 PM »
This document should help you with setting up your switches/radius server for authentication for management.  The key is returning the correct NAS Prompt (page 16) to the switch, also I would highly recommend moving away from telnet and using SSH instead provided the 3524 supports it.

https://downloads.avaya.com/css/P8/documents/100123895

Offline Kenzler

  • Rookie
  • **
  • Posts: 4
Re: Help needed with Avaya 3524 and Radius
« Reply #2 on: June 09, 2016, 03:10:05 AM »
Thanks Charles,
I normally disable Telnet and use SSH/SSL

The command "Cli password telnet radius" I was informed any remote connection but ill see if it works with SSH :)

Thanks for the link.  Will have a read through it today

Alex