05-07-2018 08:17 AM
I have configured my 2920 switch to do RADIUS authentication, which works as expected; however, I would also like to allow the local "manager" account to log in even if RADIUS is responding, in the case where the RADIUS server is up but maybe the back-end user database is not responding correctly. I realize this is an edge case. Is there a way to do this in Aruba OS? I'm on version 16.02.
Re: Allow local "manager" account even if RADIUS is available
05-07-2018 11:51 AM - edited 05-07-2018 11:51 AM
When configuring access methods for switch management access, the 'aaa authentication <feature>' commands provide the ability to configure both a primary and secondary authentication method. If you'd like RADIUS to be the primary method and local username/password to be the secondary, you would use the following commands (these cover console/SSH login and enable access, as well as access to the Web UI):
switch(config)# aaa authentication console login radius local
switch(config)# aaa authentication console enable radius local
switch(config)# aaa authentication ssh login radius local
switch(config)# aaa authentication ssh enable radius local
switch(config)# aaa authentication web login radius local
switch(config)# aaa authentication web enable radius local
Technical Marketing Engineer, Wired Intelligent Edge
Aruba, a Hewlett Packard Enterprise company
8000 FOOTHILLS BLVD | ROSEVILLE, CA 95747
T: 916.540.1759 | E: firstname.lastname@example.org
05-07-2018 12:05 PM
Thanks for the reply; however, that's not exactly what I was asking. I actually opened a support ticket with the HPE support portal, and they confirmed that there is no configuration which allows the local user database to be used when the RADIUS server is available.
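As an added example (not part of any post in this thread, and not Aruba's code), the following Python sketch audits a saved configuration for the six 'aaa authentication' lines from the reply and models which method decides a login. It assumes, based on the support answer reported above, that the secondary method is consulted only when RADIUS does not respond; the function names and the sample configuration are constructed for illustration.

```python
import re

# Matches lines of the form shown in the thread (CLI prompt optional):
#   aaa authentication <access> <login|enable> <primary> [<secondary>]
AAA_RE = re.compile(
    r"^(?:\S+\(config\)#\s*)?aaa authentication "
    r"(console|ssh|web) (login|enable) (\S+)(?: (\S+))?\s*$"
)

# The six access/level pairs covered by the commands in the reply.
EXPECTED = [(a, lvl) for a in ("console", "ssh", "web") for lvl in ("login", "enable")]

def parse_aaa(config_text):
    """Return {(access, level): (primary, secondary or None)}."""
    methods = {}
    for line in config_text.splitlines():
        m = AAA_RE.match(line.strip())
        if m:
            methods[(m.group(1), m.group(2))] = (m.group(3), m.group(4))
    return methods

def audit(config_text):
    """List the access/level pairs not configured as 'radius local'."""
    methods = parse_aaa(config_text)
    return [pair for pair in EXPECTED if methods.get(pair) != ("radius", "local")]

def method_used(primary, secondary, radius_state):
    """Which method decides a login (assumption: a RADIUS answer is final).

    radius_state is 'accept', 'reject' (server answered) or 'no-response'.
    Returns None when RADIUS is silent and no secondary is configured.
    """
    if primary != "radius":
        return primary
    if radius_state in ("accept", "reject"):
        return "radius"   # a reject never falls through to local
    return secondary      # fallback only when RADIUS does not respond

# Constructed sample: ssh enable has no secondary, web enable is missing.
SAMPLE = """\
aaa authentication console login radius local
aaa authentication console enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius
aaa authentication web login radius local
"""

if __name__ == "__main__":
    print("not radius/local:", audit(SAMPLE))
    print("reject ->", method_used("radius", "local", "reject"))
```

The 'reject' case is the edge case from the original question: the RADIUS server answers, so the local "manager" account is not tried.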