HPE Community
Comware Based
1754282 Members
3306 Online
108813 Solutions
New Discussion

How to use Radius with local backup

 
Packet-Ghost
Occasional Advisor

‎10-08-2012 02:04 AM

‎10-08-2012 02:04 AM

How to use Radius with local backup

Hi,

 

We have just installed a couple of A5500EI switches and I'm trying to get Radius auth for telnet/ssh working.

 

As I'm used to procurve switches, I'm not very much in to this comware-stuff (but I'm learning!).

 

We run Radius on Windows 2008 servers. We've set up the Procurve switches with these settings:

 

radius-server host 10.yy.yy.yy key mysecret
aaa authentication web login radius local
aaa authentication ssh login radius local
aaa authentication telnet login radius local
aaa authentication web enable radius local
aaa authentication ssh enable radius local
aaa authentication telnet enable radius local
aaa authentication login privilege-mode

 

We have to ad-groups, network-operators and network-admins. If the user is member of the admin-group they can manage the switch, and operators can only do monitoring/view -stuff.

 

Can anyone help me "translate" the procurve commands to Comware commands?

 

What I've done so far is:

 

super password level 3 cipher xxxxxxxxx

 

radius scheme system
primary authentication 10.yy.yy.yy
primary accounting 127.0.0.1 1646
key authentication cipher $c$3$nmBMe/uKDpkC4Xtv6LT2J39qVRbwK8nO8RaY53Q=
user-name-format without-domain

 

local-user admin
password cipher xxxxxxxx
access-limit 3
service-type ssh terminal
service-type portal

 

user-interface vty 0 15
authentication-mode none
user privilege level 1

 

If I switch to "authentication-mode scheme" I get a login-prompt when connection, but am unable to log in.

 

What is important to me, is to have local login as the secondary method if Radius is unavailable. I want radius to be primary, but local login as fallback if radius is offline/unavailable.

 

So how do I configure the scheme to use local as fallback?

 

And what do I need to configure on the Radius on the server?

 

 

Thanks

 

K.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.