Comware

 View Only
Back to discussions
Expand all | Collapse all

Aruba 6000 Switch - Radius primary, local fallback

This thread has been viewed 8 times

  • 1.  Aruba 6000 Switch - Radius primary, local fallback

    Posted Jul 09, 2025 07:32 AM
     
    I'm working with an HPE Aruba 6000 series switch (ArubaOS-CX), and I have a RADIUS server configured like this:
     
    radius-server host XXX key ciphertext XXX auth-type pap
     
    aaa group server radius Dot1X
    server XXX
     
    aaa authentication login default group Dot1X local
    aaa authentication login ssh group Dot1X local
    aaa authentication login https-server group Dot1X local
    aaa authentication login console group Dot1X local
     
    I want the switch to use RADIUS as the primary authentication method for everything (SSH, console, web), but if the RADIUS server is unavailable, I want to fall back to a local user account. But with this config when Radius is reacheble,i can connect with Radius and local user.
     
    Question:
    How can I properly configure this behavior on ArubaOS-CX?
     
    Thanks in advance!


  • 2.  RE: Aruba 6000 Switch - Radius primary, local fallback

    Posted Jul 10, 2025 07:15 AM

    Try adding the following, that should allow for you to fail to local account. 

    aaa authentication allow-fail-through




Related Content