Radius Attributes
Posted: Thu May 14, 2026 5:58 pm
I am attempting to configure RADIUS authentication on a Netonix WS switch running firmware 1.5.26.
I found several forum posts referencing RADIUS VSAs, however I have not been able to find documentation listing the actual supported attributes or whether they are required for basic administrative login.
My goal is not role-based access or privilege assignment. I simply want a standard RADIUS authentication flow where a user such as john.doe authenticates successfully against FreeRADIUS/LDAP, receives an Access-Accept, and is then allowed administrative login to the switch.
FreeRADIUS debug output confirms:
-LDAP bind succeeds
-Group membership checks succeed
-Access-Accept is returned successfully
-No rejects are being sent by the RADIUS server
However, the switch immediately reports “invalid username/password” after the Access-Accept is sent.
Are any Netonix-specific VSAs or reply attributes required for successful admin login, or should a standard Access-Accept without VSAs be sufficient?
Also, does the username need to already exist locally on the switch for RADIUS authentication to function properly?
I found several forum posts referencing RADIUS VSAs, however I have not been able to find documentation listing the actual supported attributes or whether they are required for basic administrative login.
My goal is not role-based access or privilege assignment. I simply want a standard RADIUS authentication flow where a user such as john.doe authenticates successfully against FreeRADIUS/LDAP, receives an Access-Accept, and is then allowed administrative login to the switch.
FreeRADIUS debug output confirms:
-LDAP bind succeeds
-Group membership checks succeed
-Access-Accept is returned successfully
-No rejects are being sent by the RADIUS server
However, the switch immediately reports “invalid username/password” after the Access-Accept is sent.
Are any Netonix-specific VSAs or reply attributes required for successful admin login, or should a standard Access-Accept without VSAs be sufficient?
Also, does the username need to already exist locally on the switch for RADIUS authentication to function properly?