Solved

Access VSP with local account when RADIUS is enabled or has a problem, like Failsafe account in EXOS

  • 8 January 2021


Hi,

Is there a means in VOSS to either still allow local accounts access to a switch, or something similar to the Failsafe account in EXOS, when you have RADIUS configured?

The advantage of the failsafe account in EXOS was that you always had a means to log in to the switch regardless of state, i.e. if RADIUS was still active but something gets misconfigured or stops working in some fashion.

Without Failsafe access you could find yourself locked out of the switch if the RADIUS server is active but something isn’t quite working with it.

A failsafe account was also always a reassuring means that access to the switch would always be granted.

Many thanks,

Martin


Best answer by Sam Pirok 4 March 2021, 18:23

Hi Martin, thank you for your patience while we looked into this for you. RADIUS will supersede local authentication, so if the RADIUS server is not responding, things will fall back to local authentication options instead. Page 449 in this document goes over this in more detail: https://documentation.extremenetworks.com/VOSS/SW/81x/9035882_AdminVOSS_8.1_ADG.pdf?_ga=2.169313313.1064181323.1614107180-386645217.1530191928

Is that what you were looking for?


2 replies


Hi Sam,

Thanks for getting back.

I liked the functionality and assurance that EXOS provided with the failsafe account; just knowing I always have the ability to log in to the switch regardless is reassuring.

Have had incidents where RADIUS is communicating but something about it isn't working, so it would never fall back to local login, because as far as the switch is concerned all is OK.

That is likely a rare situation though, and the ability to use failsafe could be seen as a vulnerability or a means to bypass RADIUS, so it's not a real problem, just convenience, so no worries :)

Cheers
