02-16-2024 05:08 AM
Hello,
I'm trying to configure radius and local authentication on cisco cbs250.
Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?
Switch : CBS250-8T-D Version 3.1.1.7
Conf :
encrypted radius-server host 10.x.x.x auth-port 1645 key xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx usage login
aaa authentication login default radius local
aaa authentication enable default radius enable
line ssh
login authentication default
enable authentication default
Thanks for help
Solved! Go to Solution.
02-16-2024 05:15 AM
Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?
yes that is normal - since you have order - radius if that fails local.
For testing, change they key in Radius server - so switch can not connect to Radius - that time your local account should worl.
Once testing done put back radius key that matches with the switch to use normal radius authentication.
02-16-2024 05:15 AM
Unlike catalyst, when the Radius server is active, I cannot log in with the local account.
Is this normal?
yes that is normal - since you have order - radius if that fails local.
For testing, change they key in Radius server - so switch can not connect to Radius - that time your local account should worl.
Once testing done put back radius key that matches with the switch to use normal radius authentication.
02-16-2024 05:29 AM
ok that's what I thought.
It's a shame because for our PAM solution and local account management, we are obliged to use an AD service account, which is not the case for Catalysts which can connect with Radius or a local account even if the Radius server is active.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide