Aruba & ProVision-based
1748201 Members
2909 Online
108759 Solutions
New Discussion

HP ProCurve 2848 login (local account) via ssh over radius while radius available

 
ay_jay
Advisor

HP ProCurve 2848 login (local account) via ssh over radius while radius available

I'm trying to figure out if it is possible to configure the switch to allow ssh login using a permanent local account while radius is enabled and available over the network.  We're using Rancid to backup configs from other network devices and it relies on a user account to login with privileged credentials.  However, since it is currently configured to use radius, our radius policies require changing account passwords periodically and, with a service account, it may prevent backups services from working if the password expires.

1. Is this possible?

2. If so, how do you configure the ProCurve 2848?  We also have a 5412z we would like to apply this to.  Is the configuration different?

3. We would also like to have a few local accounts accessible by ssh if the radius server is unavailable anyway as a backup, since it is a remote switch and console access would not be immediate.  How is this configured?  Thanks.

1 REPLY 1
Richard Litchfield
Respected Contributor

Re: HP ProCurve 2848 login (local account) via ssh over radius while radius available

You can't have both concurrently (RADIUS + local).

You can have fallback to local if the RADIUS server is unavailable. It may take a while to login because it has to wait for the RADIUS timeout.

aaa authentication login privilege-mode
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local