Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
2
Replies

CBS250 authentification Radius and Local when Radius is active

Go to solution
williamt1
Level 1
Level 1

‎02-16-2024 05:08 AM

Hello,

I'm trying to configure radius and local authentication on cisco cbs250.
Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?

Switch : CBS250-8T-D Version 3.1.1.7

Conf  : 

encrypted radius-server host 10.x.x.x auth-port 1645 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx usage login

aaa authentication login default radius local

aaa authentication enable default radius enable

line ssh

 login authentication default

 enable authentication default

 

Thanks for help

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-16-2024 05:15 AM 

Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?

yes that is normal - since you have order - radius if that fails local.

For testing, change they key in Radius server - so switch can not connect to Radius - that time your local account should worl.

Once testing done put back radius key that matches with the switch to use normal radius authentication.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
2 Replies 2

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-16-2024 05:15 AM 

Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?

yes that is normal - since you have order - radius if that fails local.

For testing, change they key in Radius server - so switch can not connect to Radius - that time your local account should worl.

Once testing done put back radius key that matches with the switch to use normal radius authentication.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
williamt1
Level 1
Level 1
In response to balaji.bandi

‎02-16-2024 05:29 AM


ok that's what I thought.
It's a shame because for our PAM solution and local account management, we are obliged to use an AD service account, which is not the case for Catalysts which can connect with Radius or a local account even if the Radius server is active.

 

Thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card