
CISCO 3650 AAA radius local fallback

johnblack2045
Level 1

Hello,

Here is my configuration on the 3650 switch:

 

aaa authentication login AUTH1 group radius local
aaa authorization exec AUTH1 group radius local
aaa authorization network AUTH1 group radius local
aaa authentication dot1x AUTH1 group radius
aaa accounting dot1x AUTH1 start-stop group radius

 

line con 0
 exec-timeout 15 0
 stopbits 1
line aux 0
 exec-timeout 15 0
 stopbits 1
 transport input none
line vty 0 15
 exec-timeout 15 0
 transport input ssh
 login authentication AUTH1
 authorization exec AUTH1

 

I would like to use a fallback from RADIUS to local.

Is there anything missing?

When I use SSH with a RADIUS account -> OK

When I use SSH with a local account -> access denied

Thanks for your help.

Best Regards

2 Replies 2

marce1000
VIP

 

 - That is not a fallback test. The idea is that the local account could be used if RADIUS is unavailable, and only then. Personally I advise always using non-RADIUS users for admin access (and/or not letting administrative access depend on RADIUS setups).

 M.

 



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always respond to me with ' The only thing that exceeds your brilliance is your beauty! '

balaji.bandi
Hall of Fame

You are only able to simulate the issue with local (since it is a fallback, it is used only if RADIUS fails).

For testing, go to the RADIUS server, change the secret and save it. It will then mismatch with the secret on the switch, so it will allow local user access.

 

 

BB
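
The behaviour both replies describe, as an added example that is not part of the original thread and not Cisco code: a small Python model of how the posted list `AUTH1` (`group radius local`) is walked, where the next method is tried only when the previous one gives no usable answer. The account names, passwords and helper names are constructed for illustration.

```python
import re

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"  # outcomes in this model, not IOS internals

def parse_login_list(line):
    """Split 'aaa authentication login <name> <methods...>' into (name, [methods])."""
    m = re.fullmatch(r"aaa authentication login (\S+) (.+)", line.strip())
    if not m:
        raise ValueError("not an 'aaa authentication login' line")
    tokens, methods = m.group(2).split(), []
    while tokens:
        word = tokens.pop(0)
        # 'group <name>' is one method made of two words
        methods.append(f"group {tokens.pop(0)}" if word == "group" else word)
    return m.group(1), methods

def radius_backend(usable, users):
    """usable=False models no valid reply (server down, or the secret-mismatch test)."""
    def check(user, password):
        if not usable:
            return ERROR
        return PASS if users.get(user) == password else FAIL  # FAIL = Access-Reject
    return check

def local_backend(users):
    def check(user, password):
        return PASS if users.get(user) == password else FAIL
    return check

def authenticate(methods, backends, user, password):
    """Try methods in order; move on only when a method returns ERROR."""
    for method in methods:
        outcome = backends[method](user, password)
        if outcome != ERROR:
            return outcome, method  # PASS or FAIL is final, the list stops here
    return FAIL, None

# Constructed sample accounts (not from the thread)
RADIUS_USERS = {"raduser": "Rad-pass1"}
LOCAL_USERS = {"localadmin": "Loc-pass1"}
NAME, METHODS = parse_login_list("aaa authentication login AUTH1 group radius local")

def scenario(radius_usable, user, password):
    backends = {"group radius": radius_backend(radius_usable, RADIUS_USERS),
                "local": local_backend(LOCAL_USERS)}
    return authenticate(METHODS, backends, user, password)

if __name__ == "__main__":
    for usable in (True, False):
        for user, pw in (("raduser", "Rad-pass1"), ("localadmin", "Loc-pass1")):
            print(f"radius usable={usable} user={user}: {scenario(usable, user, pw)}")
```

With RADIUS answering, the local account is rejected by `group radius` and `local` is never consulted, which matches the "access denied" in the question; with RADIUS unusable, the same account is accepted by `local`.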
