Nortel BayStack - RADIUS Authentication

[goodingsd]

Any one out there successfully setup Nortel BayStack switches (450, BPS & 5510) with RADIUS authentication ?

If so could you advise what RADIUS server, authentication method (i.e. static ID or using a FOB for PASSCODE = PIN + 6 digit FOB) and how long.

RADIUS server is a FUNK and password is checked against an RSA box using FOB for 6 digit 60 sec number added to your PIN -- RADIUS does see the request from switch and does send out response. The switch doesn't let the first try in (NO RESPONSE FROM SERVER) but does the second try.

I've tried a BayStack 450 running f/w 4.1.0.6 code as well as code 4.5.2.0.

I've also tried a BayStack 5510 running BOSS 4.0.1.22 with same results.

Talked with our Nortel Engineer, opened a case with TAC, had that case escalated but still no help.

 

[PederChr]

You try to use EAP ?? 802.1X?

Or on the login ?

I think i got some nortel doc on EAP..

 

[goodingsd]

I've proabably got the same documentation.

To do EAP / 802.1x you need to have RADIUS enabled on the switch. We'll be testing EAP next step, but the security folks want management access to the Nortel & Cisco hardware tightened up and our direction is RADIUS.

 

[netmanrick]

WE had MANY headaches trying to use FUNK. Finally went with Cisco ACS(much easier). For us FUNK was like talking to a brick wall(many headaches).

Rick Harris
SC Dept of Motor Vehicles
Network Operations

 

[PederChr]

Why not Microsoft IAS ? it's almost free...