Question

Switch management authentication


Userlevel 4
Create Date: May 23 2013 1:29PM

We are setting up switch management authentication through our radius server. So far it works great. The one thing that we don't like is that when we connect to the switch on the console port we still need to authenticate through our radius servers. We want the option to log in to the switch with the local admin account on the switch if we are connecting through the console port. Has anyone had this problem and found a solution?

Thanks in advance! (from bw447)

2 replies

Userlevel 4
Create Date: May 23 2013 6:45PM

I haven't set our switches for RADIUS authentication so I'm not 100% on whether this would work, but have you tried using the failsafe account for this purpose? It might not be the most graceful solution but it may do what you need. (from Ansley_Barnes)
Userlevel 4
Create Date: Jun 11 2013 4:52PM

bw447 wrote:
We are setting up switch management authentication through our radius server. So far it works great. The one thing that we don't like is that when we connect to the switch on the console port we still need to authenticate through our radius servers. We want the option to log in to the switch with the local admin account on the switch if we are connecting through the console port. Has anyone had this problem and found a solution?

Thanks in advance!AFAIK local admin account will only be available if the switch loses connection with authentication server. Even for the serial console port.

But maybe you can configure you Radius server to allow login if you can identify somehow that the connection attempt is being made from the serial console. You would have to check access request packet and see if there is any difference between a console and a network login attempt.

(from Luis_Coelho)

Reply