cancel
Showing results for 
Search instead for 
Did you mean: 

Access VSP with local account when RADIUS is enabled or has a problem, like Failsafe account in EXOS

Access VSP with local account when RADIUS is enabled or has a problem, like Failsafe account in EXOS

Anonymous
Not applicable

Hi,

Is there a means in VOSS to either still allow local accounts access to a switch, or something similar to the Failsafe account in EXOS, when you have RADIUS configured?

The advantage to the failsafe account in EXOS meant you always had a means to login into the switch regardless of state, i.e. if RADIUS was still active but something gets miss-configured or stops working in some fashion.

Without Failsafe access you could find yourself locked out of the switch if the RADIUS server is active but something isn’t quite working with it.

A failsafe account was also always a reassuring means that access to the switch would always be granted.

Many thanks,

Martin

1 ACCEPTED SOLUTION

SamPirok
Community Manager Community Manager
Community Manager

Hi Martin, thank you for your patience while we looked in to this for you. Radius will supersede local authentication, so if the Radius server is not responding, things will fall back to local authentication options instead. Page 449 in this document goes over this in more detail: https://documentation.extremenetworks.com/VOSS/SW/81x/9035882_AdminVOSS_8.1_ADG.pdf?_ga=2.169313313....

 

Is that what you were looking for?

View solution in original post

2 REPLIES 2

Anonymous
Not applicable

Hi Sam,

Thanks for getting back.

I liked the functionality and assurance that EXOS provided with the failsafe account, just knowing I always have an ability to log into the switch regardless, is reassuring.

Have had incidents where RADIUS is communicating but something about it isn't working, so it would never fall back to local login, because as far as the switch it concerned all is OK.

That is likely rare situation though, and the ability of being able to use failsafe could be seen as a vulnerability or a means to bypass RADIUS, so its not a real problem, just convenience, so no worries 🙂

Cheers

SamPirok
Community Manager Community Manager
Community Manager

Hi Martin, thank you for your patience while we looked in to this for you. Radius will supersede local authentication, so if the Radius server is not responding, things will fall back to local authentication options instead. Page 449 in this document goes over this in more detail: https://documentation.extremenetworks.com/VOSS/SW/81x/9035882_AdminVOSS_8.1_ADG.pdf?_ga=2.169313313....

 

Is that what you were looking for?

GTM-P2G8KFN