TWSD-1305 AAA should be primary and local user should be in fallback login while AAA is not available
Review Request #1379 — Created Feb. 11, 2026 and submitted — Latest diff uploaded
| Information | |
|---|---|
| weikai | |
| APV10 | |
| rel_apv_10_7, rel_apv_10_7_3 | |
| TWSD-1305 | |
| Reviewers | |
| kevin.poh, mingji, williamkuan | |
Root cause
- Enhanced feature: Use only AAA for login authentication, and fall back to the local user only when the AAA service is unavailable.
- Bug: When two or more AAA service configurations are present, authentication requests may be sent to multiple services.Solution
- The command "admin aaa on 2" adds a new option value 2 as the last parameter.
The original options were 0 and 1.
Modify to 0, 1, 2, and update the Web and SSH authentication logic to support option 2.
- Fix login authentication requests to send only to the single enabled AAA service.
- Test "admin aaa on 0/1/2"
- AAA: Radius, TACACS, ldap(s)