When both RADIUS authentication and local authentication are configured on an S series switch, why a user is disconnected after more than 10s

When both RADIUS authentication and local authentication are configured on an S series switch, the switch performs local authentication if it does not receive any response from the RADIUS server for some reasons (for example, the RADIUS server fails). As shown in the following configuration file, RADIUS authentication and accounting are configured on the switch. The user successfully logs in through local authentication, but RADIUS accounting fails because the RADIUS server does not respond. Therefore, the user is disconnected.
#
radius-server template rad //Configure a RADIUS server template.
radius-server shared-key cipher %#%#HN!rP_Lc1<+L+H/&YUzN]CBy;_09Z>9T5\.k{T1/%#%#
radius-server authentication 10.7.66.66 1812 weight 80
radius-server accounting 10.7.66.66 1813 weight 80
#
aaa
authentication-scheme default
authentication-mode radius local //Configure the authentication scheme default and set the authentication modes to RADIUS authentication and local authentication.
authorization-scheme default
accounting-scheme default
accounting-mode radius //Configure the accounting scheme default and set the accounting method to RADIUS accounting.
domain default
domain default_admin
radius-server rad //Apply the RADIUS server template to the global default administrative domain. By default, the domain uses the authentication scheme default and accounting scheme default.
local-user user1 password cipher %#%#9X%T3y\jN;_&5(FU-B4P;);/tc^%VI\mA1KeeH%#%#
local-user user1 privilege level 15
local-user user1 service-type telnet terminal
#
Solution:
�?For administrators (logging in through Telnet, SSH, FTP, HTTP, or terminals), accounting is not required, so RADIUS accounting configuration can be deleted.
�?For non-administrator users, run the accounting start-fail online command in the accounting scheme view. After the command is executed, the users are not disconnected if accounting fails. However, accounting results are inaccurate. Before using this method, ensure that service will not be affected.

Scroll to top