08-11-2020 08:40 AM
hello
here is my configuration on switch 3650
aaa authentication login AUTH1 group radius local
aaa authorization exec AUTH1 group radius local
aaa authorization network AUTH1 group radius local
aaa authentication dot1x AUTH1 group radius
aaa accounting dot1x AUTH1 start-stop group radius
line con 0
exec-timeout 15 0
stopbits 1
line aux 0
exec-timeout 15 0
stopbits 1
transport input none
line vty 0 15
exec-timeout 15 0
transport input ssh
login authentication AUTH1
authorization exec AUTH1
i would like to use a fallback radius local
is there any missing thing ?
when i use SSH with a radius account -> OK
when i use SSh with a local account-> access denied
thanks for your help
Best Regards
08-11-2020 10:13 AM
- That is not a fallback test. The idea is that the local-account could be used if radius is unavailable and then only. Personally I advise to always use non-radius users for admin-access (and or let administrative access not depend on radius-setups)
M.
08-11-2020 03:03 PM
you can only able to simulate the issue with Local ( since it is fall back, only if radius fails)
for testing go to radius server and change the secret and save and then it mismatch with a secret so it will allow local user access.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide