Wired Intelligent Edge

 View Only
Back to discussions
Expand all | Collapse all

HP ProCurve 2848 login (local account) via ssh over radius while radius available

This thread has been viewed 0 times

  • 1.  HP ProCurve 2848 login (local account) via ssh over radius while radius available

    Posted Mar 20, 2018 11:38 AM

    I'm trying to figure out if it is possible to configure the switch to allow ssh login using a permanent local account while radius is enabled and available over the network.  We're using Rancid to backup configs from other network devices and it relies on a user account to login with privileged credentials.  However, since it is currently configured to use radius, our radius policies require changing account passwords periodically and, with a service account, it may prevent backups services from working if the password expires.

    1. Is this possible?

    2. If so, how do you configure the ProCurve 2848?  We also have a 5412z we would like to apply this to.  Is the configuration different?

    3. We would also like to have a few local accounts accessible by ssh if the radius server is unavailable anyway as a backup, since it is a remote switch and console access would not be immediate.  How is this configured?  Thanks.



  • 2.  RE: HP ProCurve 2848 login (local account) via ssh over radius while radius available

    Posted Jun 22, 2018 06:37 AM

    You can't have both concurrently (RADIUS + local).

    You can have fallback to local if the RADIUS server is unavailable. It may take a while to login because it has to wait for the RADIUS timeout.

    aaa authentication login privilege-mode
aaa authentication web login radius local
aaa authentication web enable radius local
aaa authentication ssh login radius local
aaa authentication ssh enable radius local


Related Content