TACACS+ & local account Concern

Unanswered Question
Sep 4th, 2008

Hi,


Do the following lines mean that authentication would initially go to the ACS server and, in case the ACS server is down, the router's local username/password would be allowed?


aaa authentication ppp default group radius local


aaa authentication login default local


Premdeep Banga Thu, 09/04/2008 - 10:13

If you are doing a PPP connection (dial-up), then true.


If you are trying to log into the device for management (telnet/ssh), then no; the following command will be evaluated:


aaa authentication login default local


i.e. only the local database will be checked.


Regards,

Prem


Please rate if it helps!


Amin Shaikh Thu, 09/04/2008 - 14:46

Thanks, Prem, for your reply.


I would be logging into device for management (telnet/ssh)


So what's required to fulfill my requirement...




Premdeep Banga Thu, 09/04/2008 - 14:50

If you are using radius as the protocol,


radius-server host <server-ip> key <shared-key>

aaa authentication login default group radius local


If using tacacs+ as the protocol,


tacacs-server host <server-ip> key <shared-key>

aaa authentication login default group tacacs+ local


ACS needs to be configured accordingly.


Regards,

Prem


Please rate if it helps!

Amin Shaikh Fri, 09/05/2008 - 04:43

Thanks Prem..


I need to understand: if the ACS box is not reachable, how could I authenticate based on the following commands?


tacacs-server host <server-ip> key <shared-key>

aaa authentication login default group tacacs+ local



Premdeep Banga Fri, 09/05/2008 - 04:48

Have a user on the local device, something like:


username admin privilege 15 password pa55w0rd


Then, when the TACACS server is not available, you can log into the device using the user account created above.


Regards,

Prem


Please rate if it helps!
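
An added example, not part of the original thread or any Cisco tool: a small Python check that reads the `aaa authentication login` method list from a configuration and reports whether management logins consult the AAA server first and can fall back to a local account. The two sample configs, the 192.0.2.10 address and EXAMPLE-KEY are constructed; the `password`-versus-`secret` finding reflects general IOS behaviour (`secret` stores a hash) rather than anything stated in the thread.

```python
import re

# Constructed configs; 192.0.2.10 and EXAMPLE-KEY are placeholders.
ORIGINAL = """\
aaa authentication ppp default group radius local
aaa authentication login default local
"""
SUGGESTED = """\
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa authentication login default group tacacs+ local
username admin privilege 15 password pa55w0rd
"""

def login_methods(config, list_name="default"):
    """Return the ordered methods of one login list ('group X' is one method)."""
    for line in config.splitlines():
        words = line.split()
        if words[:4] != ["aaa", "authentication", "login", list_name]:
            continue
        methods, rest = [], words[4:]
        while rest:
            take = 2 if rest[0] == "group" and len(rest) > 1 else 1
            methods.append(" ".join(rest[:take]))
            rest = rest[take:]
        return methods
    return []

def audit(config):
    """Return findings about management-login fallback to local accounts."""
    methods = login_methods(config)
    users = re.findall(r"^username\s+(\S+)(.*)$", config, re.MULTILINE)
    if not methods:
        return ["no 'aaa authentication login default' list found"]
    findings = []
    if not methods[0].startswith("group "):
        findings.append(f"first method is '{methods[0]}': AAA server is not consulted")
    elif "local" not in methods[1:]:
        # IOS tries the next method only when the server does not answer.
        findings.append("no 'local' fallback for when the server is unreachable")
    if "local" in methods and not users:
        findings.append("'local' is listed but no local username exists")
    for name, rest in users:
        if " password " in rest + " ":
            findings.append(f"user '{name}' uses 'password'; prefer 'secret'")
    return findings

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, login_methods(cfg), audit(cfg))
```

Because the next method is tried only when the server gives no answer, a login the TACACS+ server rejects does not fall through to the local account.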
