TACACS+ & local account Concern

Unanswered Question
Sep 4th, 2008

Hi,

Do the following lines mean that authentication would initially go to the ACS server, and in case the ACS server is down, it would then allow the router-local username/password?

aaa authentication ppp default group radius local

aaa authentication login default local

Premdeep Banga Thu, 09/04/2008 - 10:13

If you are doing a PPP connection (dial-up), then true.

If you are trying to log into the device for management (telnet/ssh), then no; the following command will be evaluated:

aaa authentication login default local

i.e. only local database will be checked.

Regards,

Prem

Please rate if it helps!

Amin Shaikh Thu, 09/04/2008 - 14:46

Thanks, Prem, for your reply.

I would be logging into the device for management (telnet/ssh).

So what's required to fulfill my requirement?

Premdeep Banga Thu, 09/04/2008 - 14:50

If you are using radius as the protocol,

radius-server host <ip-address> key <shared-key>

aaa authentication login default group radius local

If using tacacs+ as the protocol,

tacacs-server host <ip-address> key <shared-key>

aaa authentication login default group tacacs+ local

ACS needs to be configured accordingly.

Regards,

Prem

Please rate if it helps!

Amin Shaikh Fri, 09/05/2008 - 04:43

Thanks, Prem.

I need to understand: if the ACS box is not reachable, then how could I authenticate based on the following commands?

tacacs-server host <ip-address> key <shared-key>

aaa authentication login default group tacacs+ local

Premdeep Banga Fri, 09/05/2008 - 04:48

Have a user on the local device, something like:

username admin privilege 15 password pa55w0rd

Then, when the TACACS server is not available, you can log into the device using the above-created user account on the device.

Regards,

Prem

Please rate if it helps!
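The method-list behaviour discussed in this thread, as an added example that is not part of any post above: a small Python audit that parses `aaa authentication` lines and reports which method decides a login when the AAA server is up or unreachable. The function names, the server address 192.0.2.10 and the key are assumptions made for the example; the model is simplified to "server group reachable or not".

```python
import re

# Constructed sample config, assembled from the commands quoted in this thread.
# 192.0.2.10 and the key are placeholder values.
SAMPLE_CONFIG = """\
aaa new-model
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa authentication ppp default group radius local
aaa authentication login default group tacacs+ local
username admin privilege 15 password pa55w0rd
"""

def parse(config):
    """Return ({(service, list_name): [methods]}, {local usernames})."""
    lists, users = {}, set()
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication (\S+) (\S+) (.+)", line)
        if m:
            # "group tacacs+" is one method, so fold the keyword into the name
            methods = re.sub(r"\bgroup\s+", "group:", m.group(3)).split()
            lists[(m.group(1), m.group(2))] = methods
        m = re.match(r"\s*username (\S+) ", line)
        if m:
            users.add(m.group(1))
    return lists, users

def deciding_method(methods, reachable):
    """IOS moves to the next method only when the current one gives no
    response (ERROR); an explicit reject from a reachable server is final."""
    for method in methods:
        if method.startswith("group:") and method[6:] not in reachable:
            continue  # server group timed out, fall through
        return method
    return None  # every method errored: login is denied

def audit(config, service="login", name="default"):
    lists, users = parse(config)
    methods = lists.get((service, name), [])
    return {
        "methods": methods,
        "server_up": deciding_method(methods, {"tacacs+", "radius"}),
        "server_down": deciding_method(methods, set()),
        "lockout_risk": deciding_method(methods, set()) != "local" or not users,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
    print(audit("aaa authentication login default group tacacs+\n"))
```

The `lockout_risk` flag is set when an unreachable server leaves no working path in, either because `local` is not the fallback or because no local `username` exists.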
