Reset Search
 

 

Article

ERS 4800: RADIUS Password Fallback Is Not Working When Radius Server Is Unreachable

« Go Back

Information

 
TitleERS 4800: RADIUS Password Fallback Is Not Working When Radius Server Is Unreachable
Symptoms
  • RADIUS password fallback is not working when Radius Server is down
  • syslog is showing failed RADIUS auth and access denied by RADIUS auth
  • role:security_administrator smith:Failed login (RADIUS auth) from IP add x.x.x.x


 
Environment
  • ERS4800/4900/5900
  • All supported software releases
Cause
Mis-configuration
Resolution
Set role name to emergency administrator as Radius Password Fallback works only in emergency administrator instead of security administrator, the default setting

Verify if emergency administrator is configured with show username. Only security administration is set which is the default

 
4950GTS-PWR+(config)#show username

Username:           Extreme1234
-------------------------------------------
Role name:          security_administrator
Enabled:            Yes
Password aging-time:  365 days
Lockout status: Available
Access-start-hour:  0
Access-stop-hour:   24
Inactive period:    360 days
Maximum number of sessions: 12
SSH access: Enabled
TELNET access: Enabled

To configure emergency administrator:
4850GTS-PWR+>en
4850GTS-PWR+#con term
Enter configuration commands, one per line.  End with CNTL/Z.
4850GTS-PWR+(config)#username add Extreme1234 role-name emergency_administrator pass
Enter password: ......
Confirm password

Verify role name emergency administrator after configuration addition.
 
4850GTS-PWR+>en
4850GTS-PWR+(config)#show username

Lockout timeout: 60 min
Lockout retries: 3
Emergency account timeout: not set

Username:           Extreme1234
-------------------------------------------
Role name:          emergency_administrator
Enabled:            Yes
Password aging-time:  365 days
Lockout status: Available
Access-start-hour:  0
Access-stop-hour:   24
Inactive period:    36 days
Maximum number of sessions: 12
SSH access: Enabled
TELNET access: Enabled

4950GTS-PWR+(config)#show username

Username:           ExtremeSJCA
-------------------------------------------
Role name:          security_administrator
Enabled:            Yes
Password aging-time:  365 days
Lockout status: Available
Access-start-hour:  0
Access-stop-hour:   24
Inactive period:    36 days
Maximum number of sessions: 12
SSH access: Enabled
TELNET access: Enabled



 
Additional notes
  • Must be in Enhance Secure Mode for Radius Password Fallback to work.
  • When Radius Server is down Only EMERGENCY_ADMINISTRATOR can login via Serial Console.

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255