I can't admin via GUI a CBS250 switch with a radius (FreeRadius) user.

Sergio Kenay olvera · ‎03-23-2023

Hi everyone!

Recently I configured a FreeRadius v3.0 Server and it works fine with my Extreme switches via CLI and GUI. The troubles comes with CBS250-24T-4G switches. I configured Radius Client section and more features to get access via CLI and it works fine, but not with GUI (HTTP/HTTPS) access. When I type my radius user credentials on login page then appears the message "Invalid user name or password. Please try again" and occurs nothing; however in the radius log I detected the

"Acess-Accept" Radius Replay and Auth: (0) Login OK: [sergio/sergio] (from client port 0) log entry.

So, I don´t know if this is a kind of bug in the CBS250 system or if I'm doing something wrong. Please, help.

Edson A. Hernandez · ‎03-23-2023

Log in to the switch using a privileged account.
Enter global configuration mode by typing "configure terminal" at the command prompt.
Configure the HTTP server to use RADIUS authentication by entering the following command:
ip http authentication aaa <aaa rule>
Save the configuration changes by typing "write memory" at the command prompt.

**Please rate the answer if this information was useful***

Sergio Kenay olvera · ‎03-28-2023

Thank you so much for your comments.

I haven't problem to ask the radius server for a user authentication via HTTP/HTTPS in the switch but the radius server answered that it recibes the request message and then it gives a "Login Ok" message for the user that appear in its logs. So, I don't know so far if maybe this is a kind of bug with FreeRadius and Cisco CBS250 switch. I don't have a problem with CLI radius user access too.

In my switch configuration.

ip http authentication aaa login-authentication https radius local

Regards.