N3048P Radius LDAP SSH login configuration

Question

I have spent 3, 8hr days trying to get a N3048P on a radius login over SSH (no telnet)I've used the following guides and have not made any progress: https://www.dell.com/support/article/us/en/04/how10768/how-to-configure-radius-or-tacacs-authentication-for-switch-management-on-n-series-switches?lang=en https://gbe0.com/networking/dell/switch-radius-authentication   Here are my config setups. Please note, the switch I'm working on is a spare switch. Subnet 172.19.3.X is a subnet that's currently in use by production. Network settings on this is just so I can have a workstation reach the switch via SSH/Telnet. I've been doing the configuration through console. The 172.19.3.2 (test switch) can ping the Radius server. I've tried the following configurations: Config 1enconfinterface vlan 1ip address 172.19.3.2 255.255.255.0exitip default-gateway 172.19.3.1exitconfusername admin password FakePassword privilege 15radius server timeout 3radius server attribute 8 include-in-access-reqradius server key radius server attribute 31 mac format ietf lower-case radius server auth 172.20.1.27 primary name 'RadiusServerName' exit aaa authentication login 'networkList' local radius aaa authentication enable 'enableNetList' none aaa authorization exec 'Exec_Auth_List' local radius ip https authentication local radius Config2 enconfinterface vlan 1ip address 172.19.3.2 255.255.255.0exitip default-gateway 172.19.3.1exitconfusername admin password FakePassword privilege 15radius server timeout 3radius server attribute 8 include-in-access-reqradius server key radius server attribute 31 mac format ietf lower-case radius server auth 172.20.1.27 primary name 'RadiusServerName' exit aaa authentication login 'networkList' local radius aaa authentication enable 'enableNetList' none aaa authorization exec 'Exec_Auth_List' local radius ip https authentication local radius   Config3enconfinterface vlan 1ip address 172.19.3.2 255.255.255.0exitip default-gateway 172.19.3.1exitconfusername admin password FakePassword privilege 15exitconfcrypto key generate rsaycrypto key generate dsayip ssh serverno ip http serverip http secure-serveraaa authentication login 'defaultList' radius localaaa authentication enable 'enableList' radius enableaaa authorization exec 'dfltExecAuthList' radius localradius server auth 172.20.1.27primaryname 'RadiusServerName'key FakeKeyexitline sshenable authentication defaultlogin authentication default I've tried using the following username formats:Usernamedomain\usernameusername@domain.com

DELL-Josh Cr · Answer

Hi, Are you able to connect to ssh without radius? Does radius work with other connection methods? Is the switch firmware up to date? What error are you getting?

TheUsD · Answer

'Are you able to connect to ssh without radius?'Yes, I can login via SSH without using radius 'Does radius work with other connection methods?'If I understand what you're asking, Yes. We use the Radius server for other methods of connection. 'Is the switch firmware up to date?'Yes, the switch is on the latest 6.5.x.x firmware'What error are you getting?'I am prompted with a username screen, I enter the username, then password and then prompted with the username section again.    console#show authentication methods Login Authentication Method Lists---------------------------------defaultList : nonenetworkList : localRadius : radius local Enable Authentication Method Lists----------------------------------enableList : enable noneenableNetList : enableRadEn : radius Line Login Method List Enable Method List------- ----------------- ------------------Console defaultList enableListTelnet Radius enableListSSH networkList enableList HTTPS :localHTTP :localDOT1X : console#show radius statistics RADIUS server name............................. Default-RADIUS-ServerServer Host Address............................ 172.20.1.27Round Trip Time................................ 0.00Access Requests................................ 8Access Retransmissions......................... 3Access Accepts................................. 0Access Rejects................................. 0Access Challenges.............................. 0Malformed Access Responses..................... 0Bad Authenticators............................. 0Pending Requests............................... 0Timeouts....................................... 11Unknown Types.................................. 0Packets Dropped................................ 0 console#show aaa servers IP address Type Port TimeOut Retran. DeadTime Source IP Prio. Usage---------------- ----- ----- ------- ------- -------- ------------- ----- ------172.20.1.27 Auth 1812 Global Global Global Global 0 all Global values--------------------------------------------Number of Configured Authentication Servers.... 1Number of Configured Accounting Servers........ 0Number of Named Authentication Server Groups... 1Number of Named Accounting Server Groups....... 0Number of retransmits.......................... 3Timeout duration............................... 15Deadtime....................................... 0Source IP...................................... 0.0.0.0Source Interface............................... DefaultRADIUS accounting mode......................... EnableRADIUS Attribute 4 Mode........................ DisableRADIUS Attribute 4 Value....................... 0.0.0.0RADIUS Attribute 6 Mode........................ DisableRADIUS Attribute 8 Mode........................ DisableRADIUS Attribute 168 Mode...................... DisableRADIUS Attribute 25 Mode....................... Enable     Machine Description............... Dell EMC Networking SwitchSystem Model ID................... N3048PMachine Type...................... Dell EMC Networking N3048PSerial Number.....................Manufacturer...................... 0xbc00Burned In MAC Address............. System Object ID.................. SOC Version....................... BCM56340_A0HW Version........................ 5CPLD Version...................... 20Image File........................ N3000AdvLitev6.5.4.4Software Capability............... Stack Limit = 8, VLAN Limit = 1024 unit active backup current-active next-active---- ----------- ----------- -------------- --------------1 6.5.4.4 6.5.3.4 6.5.4.4 6.5.4.4

DELL-Josh Cr · Answer

@TheUsD wrote:

Line Login Method List Enable Method List
------- ----------------- ------------------
Console defaultList enableList
Telnet Radius enableList
SSH networkList enableList

It looks like SSH is using networkList, but networkList isn't set to use radius.

@TheUsD wrote:

console#show authentication methods

Login Authentication Method Lists
---------------------------------
defaultList : none
networkList : local
Radius : radius local

TheUsD · Answer

Could you please provide the correct CLI command to fix that? I tried the following:aaa authentication enable networkList Radius but the networkList is still showing local

Networking General

Was this post helpful?