12-24-2018 11:27 AM - edited 03-08-2019 04:53 PM
I have RADIUS configured, and when connected it does authenticate and I am able to log in successfully.
The problem is that when the RADIUS server is unreachable I should be able to log in using the local login, but it fails with the following message:
"Remote AAA servers unreachable; local authentication failed"
I can hook up to the console and log in using the local accounts. I thought that with the rules set, when RADIUS is unavailable the local login should work.
Below is the configuration for AAA authentication:
aaa authentication login default group radius local
aaa authentication login console local
aaa authentication login error-enable
The above configuration shows that if my default group cannot be reached then local is used, and local does work since I can use the console to log in.
Am I missing something?
12-24-2018 11:42 AM
Hello,
What do you have configured locally? Can you post the full configuration?
12-24-2018 12:29 PM
The system is a Nexus 5K.
username admin password 5 XXXXXXXXXXXXXXXXXXXXXXX role network-admin
...
...
...
radius-server timeout 2
radius-server host radiusServer1 key 7 "XXXXXXXXXX" authentication accounting timeout 2 retransmit 3
radius-server host radiusServer2 key 7 "XXXXXXXXXX" authentication accounting timeout 2 retransmit 3
aaa group server radius management
    server radiusServer1
    server radiusServer2
    source-interface loopback0
...
...
...
line console
  exec-timeout 15
line vty
  session-limit 14
  exec-timeout 15
  access-class MGMT-ACCESS in
12-24-2018 01:36 PM
aaa authentication login console local - because of this you are able to log in to the console.
Try adding
aaa authentication login default fallback error local
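Added example, not part of any post in this thread and not Cisco code: an offline check over the AAA lines posted above that lists each login method list, reports whether the fallback line suggested in the last reply appears in the text, and flags server groups that are defined but never referenced. The function name `audit_aaa`, the finding wording and the sample are this example's own; it inspects only the text it is given, so a setting that the device does not print in its configuration output is reported as not shown.

```python
import re

# Constructed sample: the AAA-related lines posted in this thread, secrets omitted.
SAMPLE_CONFIG = """\
aaa authentication login default group radius local
aaa authentication login console local
aaa authentication login error-enable
aaa group server radius management
    server radiusServer1
    server radiusServer2
    source-interface loopback0
"""

LIST = r"^aaa authentication login (default|console) "
FALLBACK_RE = re.compile(LIST + r"fallback error local$")
METHOD_RE = re.compile(LIST + r"((?:group|local|none)\b.*)$")
GROUP_DEF_RE = re.compile(r"^aaa group server radius (\S+)$")


def audit_aaa(config):
    """Return (method_lists, findings) for the login method lists in config."""
    lists, fallback, defined, used = {}, set(), set(), set()
    for line in (raw.strip() for raw in config.splitlines()):
        if m := FALLBACK_RE.match(line):
            fallback.add(m.group(1))
        elif m := METHOD_RE.match(line):
            tokens = m.group(2).split()
            # Everything that is not a keyword is a server group name.
            groups = [t for t in tokens if t not in ("group", "local", "none")]
            lists[m.group(1)] = {"groups": groups, "local": "local" in tokens}
            used.update(groups)
        elif m := GROUP_DEF_RE.match(line):
            defined.add(m.group(1))

    findings = []
    for name, entry in lists.items():
        if not entry["groups"]:
            continue  # local-only list: no remote server to fall back from
        if not entry["local"]:
            findings.append(f"{name}: remote groups only, no 'local' method")
        if name not in fallback:
            findings.append(f"{name}: 'fallback error local' line not shown")
    for group in sorted(defined - used):
        findings.append(f"server group '{group}' is defined but not referenced")
    return lists, findings


if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG)[1]:
        print(finding)
```
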