Comware Based
1748230 Members
4140 Online
108759 Solutions
New Discussion

Re: 3Com 5500 EI Radius Failover to local

 
metalslug2004
Occasional Visitor

3Com 5500 EI Radius Failover to local

Hello, 

 
Yesterday I finally got my freeradius server playing nicely with a 3Com 5500 EI, thanks in no small part to the great posts in this forum. 
 
I know that it possible to have a primary and a secondary radius sever set up in the same radius scheme (example config below).  
#
radius scheme freerad
 server-type extended
 primary authentication x.x.x.x
 primary accounting x.x.x.x
 accounting optional
 key authentication ******
 key accounting ******
 user-name-format without-domain
#
 
Is it possible to have a radius server set a primary, and if the server is not accessible, set the secondary to local login authentication?  
 
This is my first post here, sorry if there is not enough information, or if this post is in the wrong place. 
 
Thanks in advance!
2 REPLIES 2
mertdemi
Advisor

Re: 3Com 5500 EI Radius Failover to local

 

Hi,

Yes it is possible.

you need to set it up under domain like:

 

domain test

 

authentication login radius-scheme freerad local

 

 

with the above config you are telling the system if it cannot reach radius with primary and secondary servers then fallback to local authentication.

 

you also need to have created a local user and give access like

 

local-user test

password simple test

service telnet

service ssh

authorization-attribute level 3

 

regards

 

metalslug2004
Occasional Visitor

Re: 3Com 5500 EI Radius Failover to local

Awesome! That worked great.

I noticed that if radius is reachable, then local logins are completely unavailable. Is there a way for local to be checked after a failure to authenticate by radius?

Thanks for the help!