This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access VSP with local account when RADIUS is enabled or has a problem, like Failsafe account in EXOS

Access VSP with local account when RADIUS is enabled or has a problem, like Failsafe account in EXOS

Go to solution
Anonymous
Not applicable

‎01-08-2021 03:38 PM

Hi,

Is there a means in VOSS to either still allow local accounts access to a switch, or something similar to the Failsafe account in EXOS, when you have RADIUS configured?

The advantage to the failsafe account in EXOS meant you always had a means to login into the switch regardless of state, i.e. if RADIUS was still active but something gets miss-configured or stops working in some fashion.

Without Failsafe access you could find yourself locked out of the switch if the RADIUS server is active but something isn’t quite working with it.

A failsafe account was also always a reassuring means that access to the switch would always be granted.

Many thanks,

Martin

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎03-04-2021 05:23 PM

Hi Martin, thank you for your patience while we looked in to this for you. Radius will supersede local authentication, so if the Radius server is not responding, things will fall back to local authentication options instead. Page 449 in this document goes over this in more detail: https://documentation.extremenetworks.com/VOSS/SW/81x/9035882_AdminVOSS_8.1_ADG.pdf?_ga=2.169313313....

 

Is that what you were looking for?

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
Anonymous
Not applicable

‎03-10-2021 11:18 AM

Hi Sam,

Thanks for getting back.

I liked the functionality and assurance that EXOS provided with the failsafe account, just knowing I always have an ability to log into the switch regardless, is reassuring.

Have had incidents where RADIUS is communicating but something about it isn't working, so it would never fall back to local login, because as far as the switch it concerned all is OK.

That is likely rare situation though, and the ability of being able to use failsafe could be seen as a vulnerability or a means to bypass RADIUS, so its not a real problem, just convenience, so no worries 🙂

Cheers

0 Kudos

Go to solution
SamPirok
Community Manager Community Manager
Community Manager

‎03-04-2021 05:23 PM

Hi Martin, thank you for your patience while we looked in to this for you. Radius will supersede local authentication, so if the Radius server is not responding, things will fall back to local authentication options instead. Page 449 in this document goes over this in more detail: https://documentation.extremenetworks.com/VOSS/SW/81x/9035882_AdminVOSS_8.1_ADG.pdf?_ga=2.169313313....

 

Is that what you were looking for?

0 Kudos
GTM-P2G8KFN