17 Posts

May 3rd, 2018 08:00

R1-2210 VRTX RADIUS

Hey guys,

I'm slowly trawling through our network switches and securing them off. As part of this process RADIUS is being configured; I've done most of our switches now, but the VRTX switch is being a pain. I get a rejection message on the switch and RADIUS authenticates the user fine with event ID 6278. I've removed IPs and keys for security.

%AAA-W-REJECT: New ssh connection, source   destination    REJECTED

Here is my configuration.

aaa authentication login default radius local
aaa authentication enable default none
ip http authentication aaa login-authentication radius local
!
radius-server host <removed> key <removed>
radius-server host <removed> key <removed>
!
line console
 login authentication default
 enable authentication default
 exec-timeout 60
exit
line ssh
 login authentication default
 enable authentication default
 exec-timeout 60
exit

I started to think there was a management access class somewhere so set one up but it made no difference.

management access-list secure-mgmt
 permit service ssh
 permit service http
 permit service https
 permit ip-source <removed> service snmp
 permit ip-source <removed> service snmp
exit
management access-class secure-mgmt

Any ideas what's going on?

Moderator

May 3rd, 2018 11:00

Hi,

Is it able to ping the radius server? Does show radius-servers show the server?

17 Posts

May 3rd, 2018 15:00

I wish it was so easy, the RADIUS request is received and accepted by the RADIUS server with the correct policy. The user is authenticated on RADIUS OK.

The RADIUS servers can be pinged and show up with the "show radius-servers" command.

17 Posts

May 3rd, 2018 15:00

Done, thanks for picking this up.

Moderator

May 3rd, 2018 15:00

Can you private message me the service tag?

Moderator

May 3rd, 2018 16:00

Was SSH working before RADIUS was enabled? Does show ip ssh show it enabled? Which firmware version is the switch running? Show version should tell us the version. If you use console access instead of SSH, does it authenticate?

17 Posts

May 14th, 2018 13:00

Hi Josh, sorry it took me so long, I went away on holiday. Yes, SSH works fine with or without RADIUS enabled; I can connect fine, I just get the authentication issue as described. If I turn RADIUS on for the web only, for example, then I can still get in fine with SSH. It's the RADIUS config on the switch, I believe, as the RADIUS server seems happy enough and accepts the request. The software version is 2.0.0.52; the boot code is 2.0.0.1. Does the configuration in this thread look good to you?

Moderator

May 14th, 2018 13:00

The radius configuration looks fine.

17 Posts

May 14th, 2018 13:00

Any ideas then? Is it possible the VRTX switch requires a particular RADIUS attribute to be sent back to the switch? Other switch vendors need this; no other Dell does that I'm aware of, but this switch is fairly unique!
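One way to see what the RADIUS server actually sends back is to decode its reply from a packet capture. The following is an added example, not part of the original thread or any Dell tooling: it parses a RADIUS reply per RFC 2865, lists attributes such as Service-Type, and checks the Response Authenticator against the shared secret. The sample packet, secret and request authenticator are constructed; the thread does not say which attributes, if any, the R1-2210 expects.

```python
import hashlib
import struct

# Attribute and value numbers from RFC 2865 that matter for management logins.
ATTR_NAMES = {6: "Service-Type", 18: "Reply-Message", 25: "Class", 26: "Vendor-Specific"}
SERVICE_TYPES = {1: "Login", 6: "Administrative", 7: "NAS-Prompt"}
CODES = {2: "Access-Accept", 3: "Access-Reject"}


def parse_reply(packet: bytes):
    """Split a RADIUS reply into (code name, identifier, [(attr name, value)])."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], 20  # attributes start after the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        a_type, a_len = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + a_len]
        name = ATTR_NAMES.get(a_type, f"Attr-{a_type}")
        if a_type == 6 and len(value) == 4:
            num = struct.unpack("!I", value)[0]
            value = SERVICE_TYPES.get(num, str(num))
        elif a_type == 26 and len(value) >= 4:
            # Vendor-Specific: 4-byte vendor id followed by vendor-defined data
            value = (struct.unpack("!I", value[:4])[0], value[4:])
        attrs.append((name, value))
        pos += a_len
    return CODES.get(code, str(code)), ident, attrs


def authenticator_ok(packet: bytes, request_auth: bytes, secret: bytes) -> bool:
    """RFC 2865: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    length = struct.unpack("!H", packet[2:4])[0]
    digest = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return digest == packet[4:20]


def build_sample(secret: bytes, request_auth: bytes) -> bytes:
    """Constructed Access-Accept (not captured traffic): Service-Type=Administrative."""
    attrs = struct.pack("!BBI", 6, 6, 6) + bytes([18, 4]) + b"ok"
    head = struct.pack("!BBH", 2, 42, 20 + len(attrs))
    auth = hashlib.md5(head + request_auth + attrs + secret).digest()
    return head + auth + attrs
```

The request authenticator comes from the matching Access-Request (same identifier) in the capture.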

Moderator

May 14th, 2018 14:00

There were some fixes for radius in later updates, so we would recommend updating to the latest switch version. http://www.dell.com/support/home/us/en/04/drivers/driversdetails?driverId=1XTJX

 

17 Posts

May 15th, 2018 16:00

Ok no worries, will try that and report back. It may be some time as it will need to be done during a maintenance window.
