Table of Contents

How to configure 3Com switch to support radius or local login for management

Symptoms:

Radius server offline could not login to switch when radius is offline

“Need to have local authentication enabled on switch for fail safe ”

Fixes:

Configure the switch to support both radius device login and local login

Here is the configuration that work on SW5500.

#
 password-control length 4
 password-control history 2
 password-control login-attempt 3 exceed lock-time 120
#
 super password level 3 simple password
#
 local-server nas-ip 127.0.0.1 key 3com
#
 domain default enable 3comdevicelogin
#
 dot1x
 dot1x timer tx-period 10
 dot1x timer handshake-period 1024
 dot1x authentication-method eap
#
radius scheme system
#
radius scheme 3comapsc
 server-type standard
 primary authentication 152.67.101.23
 accounting optional
 key authentication radius
 user-name-format without-domain
 nas-ip 152.67.101.54
#
radius scheme 3ComDeviceLogin
 server-type extended
 primary authentication 152.67.101.39
 accounting optional
 key authentication radius
 user-name-format without-domain
 nas-ip 152.67.101.54
#
domain 3comdevicelogin
 scheme radius-scheme 3ComDeviceLogin local
domain apsc
 scheme radius-scheme 3comapsc
domain system
#
local-user admin
 service-type ssh telnet terminal
 level 3
 password-control aging 90
local-user manager
 service-type ssh telnet terminal
 level 2
local-user monitor
 service-type ssh telnet terminal
 level 1
#

Notes: The switch support radius login, OR local login, but not both methods

Product(s):

Switch 7700

Router 5000 Series

Router 3000 Series

Router 6000 Series

Switch 8800

Switch 5500

Switch 5500G

Switch 7750

Switch 4500