ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

AAA Authentication - Default logon domain on E-Series

SOLVED
Go to solution
svarttjern
Collector

AAA Authentication - Default logon domain on E-Series

Hi everyone

I want to setup AAA Authentication for SSH access to my E-Series switches but I am currently banging my head aganist the wall with the following issue: 

I want to use peap-mschapv2 as primary authentication method and then fallback to the local user database if RADIUS server is unavailable. Which is currently working as intended in my lab setup. 

But I would also like to be to authentication into the switch with a local user when the RADIUS server is avaliable, and as far as I can tell this is not possible. 

At all times when the switch is able to reach the RADIUS server it sends all the authentication requests to the RADIUS server. 

Is there a way to specify a default login domain like the A-series switches? So for example when I type manager@localhost it authentications to the local user database on the switch but when I type <username>@domain.local the authentication request is sent to the RADIUS server?

Thanks in advance

//Anders

2 REPLIES
16again
Respected Contributor
Solution

Re: AAA Authentication - Default logon domain on E-Series

afaik, this is by design.  Fallback to local database only occurs when radius server times out. 

svarttjern
Collector

Re: AAA Authentication - Default logon domain on E-Series

Damnit, but thanks alot for your reply 16again.

Regards, Anders