Extreme Networks

Jitendra_Patel · ‎11-26-2018

Can we configure TACACS+ Server for Switch Management and 802.1X User Authentication on RADIUS server on same EXOS switch?
If yes then please share sample Configuration for Summit X440-24-G2 Switch.

Jitendra_Patel · ‎11-26-2018

Thanks for your inputs, so finally I conclude that TACACS & RADIUS can not be configured simultaneously in EXOS. So to enable 802.1x User authentication through a RADIUS, we must disable TACACS for switch Management.
Please correct me if I am wrong.

Erik_Auerswald · ‎11-26-2018

Thanks for confirming this with switch output!

Ty_Izzet · ‎11-26-2018

Understood. It was just clarification on that only one could be used at a time. See error below if both are attempted to be enabled:

* X450a-24t.8 # en radius
Error: You have TACACS+ enabled. To enable RADIUS, disable TACACS+

* X450a-24t.9 # dis tacacs
* X450a-24t.10 # en radius
* X450a-24t.11 #

Erik_Auerswald · ‎11-26-2018

Thanks for the information!

But TACACS+ does not support EAP, thus it does not support 802.1X authentication, while RADIUS does. According to the User Guide, EXOS cannot use TACACS+ to authenticate network login using TACACS+.

Does enabling TACACS+ (for CLI access to the switch) really interfere with using RADIUS for 802.1X (netlogin) only? I think that is an unexpected limitation of EXOS.

Anyway, with the User Guide explicitly and repeatedly stating that TACACS+ and RADIUS cannot be used at the same time on EXOS, I stand corrected, EXOS does not seem to support this.

Thanks,
Erik