Radius authentication and local XOS username requirement (test results included within)

book

Article ID: 167941

calendar_today

Updated On:

Products

XOS

Issue/Introduction

Logging into a chassis using a username created on the radius server does not work.
Radius server as defined below with "Fallback Local Auth" set default (permit-all)

CBS# show radius-server

Host Name or Host IP  Authentication Port  Timeout (seconds)  Key     Fallback Local Auth 

10.9.1.158            1812                 3               crossbeam  permit-all


 

Cause

Radius authentication does not work.
The output from the following command:

tcpdump -neei eth2 host <ip address of radius server> port radius


The tcpdump specifically shows a reject message from the radius server.

Resolution

  1. Define the same username on both XOS and the Radius server using different passwords in each case. The Radius and XOS usernames must match for successful authentication. Password check will be done via Radius using its database.
  2. Logging using the admin (XOS) account will work because the default is permit-all for fallback-to-local settings.

Workaround

N/A