Prevent users failing RADIUS authentication from logging in to S series switches

40

Administrative users can log in to S series switches (except S1700 switches) after they pass the RADIUS authentication. Their user accounts are configured on the remote RADIUS server but not in the AAA view of a local switch.
The methods of configuring switches to allow administrative users to log in after they pass the RADIUS authentication are similar.

Other related questions:
How to prevent users from logging in to S series switches in any way except Telnet
S series switches (except S1700 switches) support multiple user access types. A user can log in to a switch only when the user access type is the same as the access type configured for the user on the switch. If you want to restrict the user access type to Telnet, run the local-user user-name service-type telnet command in the AAA view to set the access type to Telnet. By default, a local user cannot use any access type.

The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication on an S series switch
The administrator cannot pass authentication if the administrator's authentication mode is changed to RADIUS authentication. For S series switches (except the S1700), such an authentication failure occurs because the entered user name does not contain a domain name. You need to check whether the user name on the authentication server contains a domain name. - If the user name on the authentication server contains a domain name, run the radius-server user-name domain-included command in the RADIUS server template view or run the hwtacacs-server user-name domain-included command in the HWTACACS server template view. - If the user name on the authentication server does not contain a domain name, run the undo radius-server user-name domain-included command in the RADIUS server template view or run the undo hwtacacs-server user-name domain-included command in the HWTACACS server template view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top