02-06-2008 03:18 AM - edited 03-10-2019 03:38 PM
I have configured aaa command
"aaa authentication login default group radius none" to cisco switch. If i shutdown windows IAS server where i have configure client(cisco switch) i can get in to switch because of that "none" condition. But if our IAS server is up but MS Active directory server is down can i get in to switch in that case.(does that condition "none" still be valid.
Any idea
thanks
Juha
02-06-2008 05:37 AM
Juhu,
It will fallback only if there is no respose from IAS or it returns with "error". If IAS do not respond , it will fallback and if IAS responds "user not found" then won't fall back.
In ACS if AD is down then it returns value "user not found" (no fallback)
Regards,
~JG
Do rate helpful posts
02-06-2008 06:03 AM
thanks
One more question.
What do you thing.Is only way to keep access to switch during AD server down using command like "aaa authentication login default group radius none local" and creting local user and password to switch.
juha
02-07-2008 06:52 AM
Juhu,
No need to use work "none"
This command will do the needful
aaa authentication login default group radius local
Regards.
~JG
Do rate helpful posts
02-08-2008 01:48 AM
Thanks again.
So if AD is down and i use that "aaa authentication login default group radius local " switch do fallback. That is quiet hard to test because AD server must be up. : )
Or how to make sure that when AD is down i still have access to switch.
Juha
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: