When both RADIUS authentication and local authentication are configured, the device performs local authentication if it does not receive any response from the RADIUS server (for example, if the RADIUS server fails). As shown in the following configuration file, RADIUS authentication and accounting are configured on the device. Even though the user successfully logs in through local authentication, RADIUS accounting fails because the RADIUS server does not respond. Therefore, the user is disconnected.
# radius-server template rad //Configure the RADIUS server template. radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%# radius-server authentication 10.7.66.66 1812 weight 80 radius-server accounting 10.7.66.66 1813 weight 80 # aaa authentication-scheme default authentication-mode radius local //In the authentication scheme named default, the authentication mode is set to RADIUS authentication and local authentication. authorization-scheme default accounting-scheme default accounting-mode radius //In the accounting scheme named default, the accounting mode is set to RADIUS accounting. domain default_admin radius-server rad //Apply the RADIUS server template to the global default management domain. By default, the domain uses the default authentication and accounting schemes. local-user user1 password cipher %^%#9X%T3y\jN;_&5(FU-B4P;);/tc^%VI\mA1KeeH%^%# local-user user1 privilege level 15 local-user user1 service-type telnet terminal #