5 Replies Latest reply on Mar 4, 2016 8:02 AM by adtn99

    RADIUS on TA3000

    usrdrh New Member

      We have a plethora of Adtran TA3000’s in our network today and seem to still be purchasing these.

      We have enabled RADIUS on these boxes but as of recent have noticed an issue.

      When RADIUS is broken – the TA3000 will not allow us to log in using local username/pass.

      Instead – we are locked out.

      We are running SR5.10 – and this seems to be the last system release offered by Adtran.

      My question is – if RADIUS is a feature on this box – and we lose the connection to the RADIUS server – How do we get in to the box?

      We have a box that seems to be bricked in this situation today – and require some assistance.

        • Re: RADIUS on TA3000
          adtn99 Employee

          When RADIUS remote authentication is enabled Local NE User Accounts are disabled.  However the unit supports up to four different RADIUS Servers i.e. if the Primary Radius Server is offline the unit try the Secondary Radius Server, followed by the 3rd, and ultimately the 4th if needed.

            • Re: RADIUS on TA3000
              usrdrh New Member

              The only concern is when someone deploys the box and sets up RADIUS - but enters the wrong IP address for MGMT - then you get locked out of the box.

              In the MX2820 - its easy enough to disconnect the RJ-45 for MGMT and using the craft port you can log in with local access.  This is not the behavior of the TA3000.

              Sadly it seems there is no workaround other that calling TAC.

              Thanks.

                • Re: RADIUS on TA3000
                  adtn99 Employee

                  Your example of entering a wrong address is not a valid issue.  There are safety steps in the RADIUS Enabling process to prevent your scenario from occurring.  Example RADIUS Authentication can’t be Enabled before a successful “Validate RADIUS Server Connection (Run RADIUS Test)” has been performed.

                    • Re: RADIUS on TA3000
                      usrdrh New Member

                      Perhaps my explanation was not as clear as I hoped.  Our situation was a deployment person connected to the TA3000 via the Ethernet MGMT - RADIUS was working already.

                      There was an order to change IP space used for MGMT within the network.

                      She changed the IP Address of the chassis without turning off RADIUS and when the IP was changed but not the gateway (a mistake) - they get dropped of the box?

                      Does this make more sense?

                        • Re: RADIUS on TA3000
                          adtn99 Employee

                          Yes, in the situation you describe the only option would be to call ADTRAN TECH SUPPORT and open a ticket to perform the Challenge Key Process “ADTRANPLEASEHELP”.  Please accept my apology for not reading your original inquiry more carefully!