Comware Based
Showing results for 
Search instead for 
Did you mean: 

3Com 5500 EI Radius Failover to local

Occasional Visitor

3Com 5500 EI Radius Failover to local


Yesterday I finally got my freeradius server playing nicely with a 3Com 5500 EI, thanks in no small part to the great posts in this forum. 
I know that it possible to have a primary and a secondary radius sever set up in the same radius scheme (example config below).  
radius scheme freerad
 server-type extended
 primary authentication x.x.x.x
 primary accounting x.x.x.x
 accounting optional
 key authentication ******
 key accounting ******
 user-name-format without-domain
Is it possible to have a radius server set a primary, and if the server is not accessible, set the secondary to local login authentication?  
This is my first post here, sorry if there is not enough information, or if this post is in the wrong place. 
Thanks in advance!

Re: 3Com 5500 EI Radius Failover to local



Yes it is possible.

you need to set it up under domain like:


domain test


authentication login radius-scheme freerad local



with the above config you are telling the system if it cannot reach radius with primary and secondary servers then fallback to local authentication.


you also need to have created a local user and give access like


local-user test

password simple test

service telnet

service ssh

authorization-attribute level 3




Occasional Visitor

Re: 3Com 5500 EI Radius Failover to local

Awesome! That worked great.

I noticed that if radius is reachable, then local logins are completely unavailable. Is there a way for local to be checked after a failure to authenticate by radius?

Thanks for the help!