RADIUS authentication w/ HP A-series and E-series equipment

It’s very useful to use RADIUS for authentication. This post is aimed at providing the quick and dirty details to make it happen on the HP A-series and E-series equipment.

Important note: Be sure to set a local manager account on all switches before enabling RADIUS. If you do not set a local manager account and RADIUS is not reachable, then you will not be able to manager your gear.


Tested on: 5920 & 5820



Manager rights: cisco-AV-Pair shell:roles=network-admin
Ready-Only: cisco-AV-Pair shell:roles=level-1


The important thing to note here is that there are no attributes currently available that will grant you a specific level of rights. Use RADIUS to controll access, then use the super command to control the access level.

example radius scheme configuration

radius scheme radius-auth
primary authentication <server>
primary accounting <server>
key authentication <key>
key accounting <key>
user-name-format without-domain
super password level 1 simple <password>
super password level 2 simple <password>
super password level 3 simple <password>


Tested on: 3800

RADIUS attributes

Enabled mode: RADIUS Attributes > Standard: Service-Type:Administrative
Monitor mode: RADIUS Attributes > Standard: Service-Type:NAS Prompt

Example configuration

radius-server host <server> key <key>
aaa authentication ssh login radius local
aaa authentication ssh enable radius local
aaa authentication login privilege-mode

Leave a Reply

Your email address will not be published. Required fields are marked *