Comware

 View Only
Back to discussions
Expand all | Collapse all

Aruba 6000 Switch - Radius primary, local fallback

This thread has been viewed 18 times

  • 1.  Aruba 6000 Switch - Radius primary, local fallback

    Posted Jul 09, 2025 07:32 AM
     
    I'm working with an HPE Aruba 6000 series switch (ArubaOS-CX), and I have a RADIUS server configured like this:
     
    radius-server host XXX key ciphertext XXX auth-type pap
     
    aaa group server radius Dot1X
    server XXX
     
    aaa authentication login default group Dot1X local
    aaa authentication login ssh group Dot1X local
    aaa authentication login https-server group Dot1X local
    aaa authentication login console group Dot1X local
     
    I want the switch to use RADIUS as the primary authentication method for everything (SSH, console, web), but if the RADIUS server is unavailable, I want to fall back to a local user account. But with this config when Radius is reacheble,i can connect with Radius and local user.
     
    Question:
    How can I properly configure this behavior on ArubaOS-CX?
     
    Thanks in advance!


  • 2.  RE: Aruba 6000 Switch - Radius primary, local fallback

    Posted Jul 09, 2025 08:47 AM

    This is not the right forum for CX switch questions. This one is for Comware.

    However, lets try to answer your question.

    Does the config "aaa authentication allow-fail-through" exist? If allow-fail-through is enabled you will get this behavior.

    https://arubanetworking.hpe.com/techdocs/AOS-CX/10.15/HTML/security_5420-6200-6300-6400/Content/Rem_AAA_cmds/aaa-aut-all-fai-thr4.htm



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------

    Original Message


Related Content