Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Re: SSH Login & 802.1x

 
Occasional Contributor

SSH Login & 802.1x

How to configure on the same switch (4210, 5500) 802.1x authentication with remote Radius server and loging to the switch with SSH using local user's database, at the same time ? If the default domain points to Radius, it is impossible to login via local SSH. If the default domain has a local scheme authentication, it is impossible to use external Radius...

3 REPLIES 3
Super Advisor

Re: SSH Login & 802.1x

Hi.



Could you copy and paste your switches settings here?



This is a strange behavior, probably you are missing some settings. You can enable 802.1X with authentication on a RADIUS server and have a local SSH users authentication at the same time.



In my experience, the settings will be:



domain default enable

#

dhcp-server 1 ip

#

dot1x

dot1x timer supp-timeout 10

dot1x timer reauth-period 60

dot1x authentication-method eap

#

radius scheme system

radius scheme

server-type standard

primary authentication

accounting optional

key authentication

user-name-format without-domain

#

domain

scheme radius-scheme

vlan-assignment-mode string

domain system

#

In the client switch port:



interface GigabitEthernet1/0/10

stp edged-port enable

dot1x

#



SSH settings:



local-user

service-type ssh



Global configuration:



ssh user service-type all

ssh user authentication-type password



rsa local-key-pair create



In the interface vty:



user-interface vty 0 4

protocol inbound ssh

Regards,
Fred Mancen
Occasional Contributor

Re: SSH Login & 802.1x

Hi,

In a given by you configuration, shall I login using as a login name: "admin@system" or simply "admin" ?

May be I did a mistake, because in my configuration I used "system domain" as a domain for 802.1x logging and another domain for local logging. So because I had to point to system as a default logging I was no able to login locally.

Thank you for an advice with complete configuration ! :)

Pawel

Super Advisor

Re: SSH Login & 802.1x

The user is just "admin". Actually, these features are independent in the configuration above, that's why you was not able to log on the switch using SSH.



Regards

Regards,
Fred Mancen