Comware Based

SSH Login & 802.1x

psniech
Occasional Contributor

SSH Login & 802.1x

How do I configure, on the same switch (4210, 5500), 802.1x authentication with a remote RADIUS server and logging in to the switch with SSH using the local user database, at the same time? If the default domain points to RADIUS, it is impossible to log in via local SSH. If the default domain has a local authentication scheme, it is impossible to use external RADIUS...

3 REPLIES
Fred_Mancen_1
Super Advisor

Re: SSH Login & 802.1x

Hi.

Could you copy and paste your switch's settings here?

This is strange behavior; you are probably missing some settings. You can enable 802.1X with authentication on a RADIUS server and have local SSH user authentication at the same time.

In my experience, the settings will be:

domain default enable
#
dhcp-server 1 ip
#
dot1x
dot1x timer supp-timeout 10
dot1x timer reauth-period 60
dot1x authentication-method eap
#
radius scheme system
radius scheme
 server-type standard
 primary authentication
 accounting optional
 key authentication
 user-name-format without-domain
#
domain
 scheme radius-scheme
 vlan-assignment-mode string
domain system
#

In the client switch port:

interface GigabitEthernet1/0/10
 stp edged-port enable
 dot1x
#

SSH settings:

local-user
 service-type ssh

Global configuration:

ssh user service-type all
ssh user authentication-type password

rsa local-key-pair create

In the interface vty:

user-interface vty 0 4
 protocol inbound ssh

psniech
Occasional Contributor

Re: SSH Login & 802.1x

Hi,

In the configuration you gave, shall I log in using "admin@system" as the login name, or simply "admin"?

Maybe I made a mistake, because in my configuration I used "system domain" as the domain for 802.1x logging in and another domain for local logging in. So, because I had to point to system as the default for logging in, I was not able to log in locally.

Thank you for the advice with the complete configuration! :)

Pawel

Fred_Mancen_1
Super Advisor

Re: SSH Login & 802.1x

The user is just "admin". Actually, these features are independent in the configuration above; that's why you were not able to log on to the switch using SSH.



Regards