ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Radius authentication and local XOS username requirement (test results included within)


Article ID: 167941


Updated On:




Logging into a chassis using a username created on the radius server does not work.
Radius server as defined below with "Fallback Local Auth" set default (permit-all)

CBS# show radius-server

Host Name or Host IP  Authentication Port  Timeout (seconds)  Key     Fallback Local Auth            1812                 3               crossbeam  permit-all



Radius authentication does not work.
The output from the following command:

tcpdump -neei eth2 host <ip address of radius server> port radius

The tcpdump specifically shows a reject message from the radius server.


  1. Define the same username on both XOS and the Radius server using different passwords in each case. The Radius and XOS usernames must match for successful authentication. Password check will be done via Radius using its database.
  2. Logging using the admin (XOS) account will work because the default is permit-all for fallback-to-local settings.