Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Unable to log into Brocade ICX (fastiron) when RADIUS authentication for Enable is configured

See original GitHub issue

I’m testing using a Brocade ICX7250. If enable authentication is disabled with the following command, everything works: aaa authentication enable default none

If enable authentication is configured to use RADIUS: aaa authentication enable default radius local

I get the following when connecting:

net_connect = netmiko.ConnectHandler(**icx)
SSH connection established to 10.0.0.2:22
Interactive SSH session established
Traceback (most recent call last):
 File "<stdin>", line 1, in <module>
 File "C:\Python27\lib\site-packages\netmiko\ssh_dispatcher.py", line 124, in ConnectHandler
   return ConnectionClass(*args, **kwargs)
 File "C:\Python27\lib\site-packages\netmiko\base_connection.py", line 151, in __init__
   self.session_preparation()
 File "C:\Python27\lib\site-packages\netmiko\brocade\brocade_fastiron_ssh.py", line 12, in session_preparation
   self.enable()
 File "C:\Python27\lib\site-packages\netmiko\cisco_base_connection.py", line 17, in enable
   return super(CiscoBaseConnection, self).enable(cmd=cmd, pattern=pattern, re_flags=re_flags)
 File "C:\Python27\lib\site-packages\netmiko\base_connection.py", line 877, in enable
   output += self.read_until_prompt_or_pattern(pattern=pattern, re_flags=re_flags)
 File "C:\Python27\lib\site-packages\netmiko\base_connection.py", line 345, in read_until_prompt_or_pattern
   return self._read_channel_expect(combined_pattern, re_flags=re_flags)
 File "C:\Python27\lib\site-packages\netmiko\base_connection.py", line 289, in _read_channel_expect
   raise NetMikoTimeoutException("Timed-out reading channel, data not available.")
netmiko.ssh_exception.NetMikoTimeoutException: Timed-out reading channel, data not available.

Here is what a login looks like with enable radius configured:

Using username "service_netmiko".
Using keyboard-interactive authentication.
Password:
SSH@Lab-ICX7250>en
User Name:service_netmiko
Password:
SSH@Lab-ICX7250#

Issue Analytics

State:
Created 6 years ago
Comments:6 (3 by maintainers)

Top GitHub Comments

1reaction

yemisiecommented, Aug 7, 2021

from typing import from netmiko import ConnectHandler from getpass import getpass

password = getpass() secret = getpass()

brocade = { “device_type”: “cisco_ex”,
“host”: “172.16.1.1”, “username”: “admin”, “password”: password, “port”: 22, # optional, default 22 “secret”: secret, # this is the enable password “verbose”: True # optional, default False }

connection = ConnectHandler(**brocade)

connection.enable

I made up this for my Brocade MLxe and its working for me.

0reactions

ktbyerscommented, Apr 27, 2020

@nhandh09 Check this file here:

https://github.com/ktbyers/netmiko/blob/develop/PLATFORMS.md

Top Results From Across the Web

Configuring Flexible authentication on an interface

The following steps configure Flexible authentication at the interface level. ... is blocked in the hardware (default action) when authentication fails.

Brocade FastIron Flexible Authentication Deployment Guide

Step 1: Configure an authentication method list for 802.1X and specify RADIUS as an authentication server. Following CLI configures the 802.1X process on...

enable aaa console - Commscope Technical Content Portal

Command authorization and command accounting for console commands are not enabled. Global configuration mode. The Brocade device supports ...

Ruckus ICX 802.1x Configuration - NetAdmin.us

Brocade ICX 6610 running Fastiron code. ... First you have to configure your Radius attributes in the Radius Server to pass to the...

FastIron Ethernet Switch Security Configuration Guide, 08.0.30

Brocade -specific attributes on the RADIUS server. ... If you disable Telnet access, you will not be able to access the CLI except...