Configuring Juniper/Funk SBR to support devices

HP 5800 Switch Series: Configuring
Juniper/Funk SBR to support devices login
Technical Configuration Guide
Version: 1.2
April 2014
Table of Contents
Introduction
Requirements
Network Diagram
Configure
These are the steps required on the SBR:
These are the steps required on the HP 58xx switch:
Verify “device login”
Troubleshooting “device login” information
For more information
HP 5800 Switch Series: Configuring Juniper/Funk SBR to support devices login: Technical Configuration Guide
Introduction
This Technical Configuration Guide (TCG) describes how to configure HP 5800 Series Switches and Juniper/Funk SBR to support device login.
The intended audience is HP Solution Architects, HP Technical Consultants, and HP Partners.
Please note that Juniper/Funk SBR is a third-party product. HP does not provide support for it, and the procedure listed here is for your information only. HP recommends that users consult the SBR vendor for further detailed setup support.
Requirements
Juniper/Funk SBR Server
• Windows Operating System
• SBR 6.1.5 (build 5115)
• Native Users
HP 5800
• Comware Software version 5.20, Release 1206 (or newer)
Network Diagram
Figure 1: Network diagram
Configure
These are the steps required on the SBR:
1. Create a file named h3c.dct using notepad.exe and put it in the SBR installation folder, typically C:\Program Files\Juniper Networks\Steel-Belted Radius\Service. Add the following section and save the file.
Figure 2: Create a file using notepad.exe
2. Edit the “radius.dct” file under C:\Program Files\Juniper Networks\Steel-Belted Radius\Service. Add the SSH service in the section (in this document, SSH is the service method for device login) and save the file.
Figure 3: “radius.dct”
3. Edit the “dictiona.dcm” file under C:\Program Files\Juniper Networks\Steel-Belted Radius\Service, add the filename defined in step #1 in the section, and save the file.
Figure 4: “dictiona.dcm”
4. Edit the “vendor.ini” file under C:\Program Files\Juniper Networks\Steel-Belted Radius\Service. At the end of the section, add the highlighted items and save the file.
Figure 5: “vendor.ini”
5. Restart the SBR services from the Windows Administrative Services section.
Figure 6: Restart the SBR Services
6. Launch the SBR Administrator GUI at http://SBR-IP-Address:1812. Log in using Windows credentials and trust the certificate.
7. Add the HP 5800 switch under SBR Radius Clients. Remember to select “H3C Enterprise Network Products” under make or model and remember the shared secret (it must match the 5800 configuration).
Figure 7: HP 5800 switch under SBR Radius Clients
8. Create a user using SBR Local Database/Native Users. Configure the “Required” Return-Attributes for the user device login.
Figure 8: Create user using SBR Local Database
9. Verify in the Authentication Policies/Order of Methods that Native User is in the Active Authentication Methods.
Figure 9: Verify in the Authentication Policies
These are the steps required on the HP 58xx switch:
1. Configure the radius scheme. Remember to set the server-type as “extended”.
Figure 10: Configure radius scheme
Note:
10.254.152.3 is the SBR server
123456 is the shared key and should match in the SBR device/client configuration
10.254.152.254 is the switch IP address and should match in the SBR device/client configuration
2. Configure the domain for “login” access. AAA (authentication, authorization, accounting) configuration is required.
Figure 11: Configure domain for “login”
Note:
If the requirement is to use the “local accounts” defined in the switch when RADIUS authentication fails, use the following commands. Remember to configure a local account using the “local-user” command with service-types.
Figure 12: To use the “local accounts”
3. Configure the domain as the default:
# domain default enable imc
4. Enable authentication-mode scheme on the vty interfaces.
Figure 13: Enable authentication-mode
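A check for the switch-side steps above, as an added example that is not part of the HP guide: it reads configuration text in the layout of display current-configuration and reports which of the settings from steps 1 to 4 are missing. The scheme name sbr, the constructed sample text and the 16-character minimum for the shared key are assumptions made for this example.

```python
# Constructed sample in "display current-configuration" layout with the guide's
# addresses and key; the scheme name "sbr" is an assumption.
SAMPLE = """\
radius scheme sbr
 server-type extended
 primary authentication 10.254.152.3
 key authentication 123456
 nas-ip 10.254.152.254
#
domain imc
 authentication login radius-scheme sbr local
#
domain default enable imc
#
user-interface vty 0 15
 authentication-mode scheme
"""

def parse_blocks(config):
    """Group indented sub-commands under their column-0 header line."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            current = None                      # "#" separates sections
        elif not line[0].isspace():
            current = line.rstrip()
            blocks.setdefault(current, [])
        elif current is not None:
            blocks[current].append(line.strip())
    return blocks

def audit(config, min_key_len=16):  # min_key_len is an assumed local policy
    """Return findings for the RADIUS login settings configured in this guide."""
    blocks, out = parse_blocks(config), []
    default = next((h.split()[-1] for h in blocks if h.startswith("domain default enable ")), None)
    auth = [c.split() for c in blocks.get(f"domain {default}", []) if c.startswith("authentication login radius-scheme ")]
    scheme = blocks.get(f"radius scheme {auth[0][3]}") if auth else None
    if scheme is None:
        out.append("no default domain with a radius scheme for login")
    else:
        if "server-type extended" not in scheme:
            out.append("server-type is not extended")
        keys = [c.split()[-1] for c in scheme if c.startswith("key authentication ")]
        if not keys or len(keys[0]) < min_key_len or keys[0].isdigit():
            out.append("shared key missing, short or digits only")
    for header, cmds in blocks.items():
        if header.startswith("user-interface vty") and "authentication-mode scheme" not in cmds:
            out.append(f"{header}: authentication-mode is not scheme")
    return out
```

The key check assumes the key is shown in plain text, as in the sample; the findings never echo the key itself.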
Verify “device login”
1. From the CLI, run #display users. Check that the account is displaying the correct user level. In this test, the hp-gee account is configured for user level “3” in the SBR Native Database.
Figure 14: Check the User Level
Troubleshooting “device login” information
For SBR, put the SBR into debug log mode.
Open the file “radius.ini” under C:\Program Files\Juniper Networks\Steel-Belted Radius\Service and change the LogLevel and TraceLevel to “2” (“0” is log mode, “1” is normal mode, “2” is debug mode, which produces an extremely large number of messages).
Save the changes and restart the SBR service.
To check the log files, go in the sub-directory C:\Program Files\Juniper Networks\Steel-Belted
Radius\Service and select the <date>.log file and open using wordpad.
For accounting records – check the <date>.act file.
Change the LogLevel and TraceLevel to “0” after troubleshooting.
Figure 15: SBR into debug log mode
For the 5800, enable “debug” from the CLI:
#term monitor
#term debug
#debug radius packet
Figure 16: Enable “debug”
For more information
To read more about HP Networking Products, go to http://www.hp.com/go/networking.
© Copyright 2014 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for
HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as
constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Created April 2011, Revised April 2014 v1.2