We're using a few Nexus 3048 switches in production. Authentication is set up with Radius on 2008R2. The config shows as follows:
aaa group server radius ACRRadius
aaa authentication login default group ACRRadius local
With a local account set up as follows:
username admin password 5 $1$.A2/mOR6$KgbnWP7SiPKFDizmqYR/S0 role network-admin
With our non-Nexus switches, if someone tries to SSH to those switches, they can do so with a local account, but on the Nexus switches, the SSH login attempt goes to our Radius server, and since the creds for the local account don't match anything in AD, they're not allowed to log in.
If I reverse the aaa auth command on the 3048 so local goes before group like below...
aaa authentication login default local group ACRRadius
... NX-OS does not allow me to put in group after local, just local. There's a fallback method where, if Radius fails, it goes to local. But since our Radius server is unlikely to fail, we won't be able to log in locally. For certain policy reasons, we want some people to log in locally. Don't ask me why; management's reasoning is bizarre at best.
How can I get this to work?
Any help is appreciated. Thanks.