Comware Based
Showing results for 
Search instead for 
Did you mean: 

Re: SSH Login & 802.1x

Occasional Contributor

SSH Login & 802.1x

How to configure on the same switch (4210, 5500) 802.1x authentication with remote Radius server and loging to the switch with SSH using local user's database, at the same time ? If the default domain points to Radius, it is impossible to login via local SSH. If the default domain has a local scheme authentication, it is impossible to use external Radius...

Super Advisor

Re: SSH Login & 802.1x


Could you copy and paste your switches settings here?

This is a strange behavior, probably you are missing some settings. You can enable 802.1X with authentication on a RADIUS server and have a local SSH users authentication at the same time.

In my experience, the settings will be:

domain default enable


dhcp-server 1 ip



dot1x timer supp-timeout 10

dot1x timer reauth-period 60

dot1x authentication-method eap


radius scheme system

radius scheme

server-type standard

primary authentication

accounting optional

key authentication

user-name-format without-domain



scheme radius-scheme

vlan-assignment-mode string

domain system


In the client switch port:

interface GigabitEthernet1/0/10

stp edged-port enable



SSH settings:


service-type ssh

Global configuration:

ssh user service-type all

ssh user authentication-type password

rsa local-key-pair create

In the interface vty:

user-interface vty 0 4

protocol inbound ssh

Fred Mancen
Occasional Contributor

Re: SSH Login & 802.1x


In a given by you configuration, shall I login using as a login name: "admin@system" or simply "admin" ?

May be I did a mistake, because in my configuration I used "system domain" as a domain for 802.1x logging and another domain for local logging. So because I had to point to system as a default logging I was no able to login locally.

Thank you for an advice with complete configuration ! :)


Super Advisor

Re: SSH Login & 802.1x

The user is just "admin". Actually, these features are independent in the configuration above, that's why you was not able to log on the switch using SSH.


Fred Mancen