09-04-2008 09:56 AM - edited 03-10-2019 04:04 PM
Hi,
Does the folllowing lines means that initially the authentication would be ACS-Server and incase ACS-Server is down then it would allow router-local username/password [[ Is this True ]]
aaa authentication ppp default group radius local
aaa authentication login default local
09-04-2008 10:13 AM
If you are doing PPP connection (Dial-up), then true.
If you are trying to log into device for management(telnet/ssh), then no, then following command will be evaluated,
aaa authentication login default local
i.e. only local database will be checked.
Regards,
Prem
Please rate if it helps!
09-04-2008 02:46 PM
thanks Prem for your reply.
I would be logging into device for management (telnet/ssh)
So whats required to fillfull my requirement...
09-04-2008 02:50 PM
If you are using radius as the protocol,
radius-server host
aaa authentication login default group radius local
If using tacacs+ as the protocol,
tacacs-server host
aaa authentication login default group tacacs+ local
ACS needs to be configured accordingly.
Regards,
Prem
Please rate if it helps!
09-05-2008 04:43 AM
Thanks Prem..
I need to understand if the ACS Box is not reachable then how could I authenticate based on the following commands -::-
tacacs-server host
aaa authentication login default group tacacs+ local
09-05-2008 04:48 AM
Have a user on local device, something like,
username admin privilege 15 password pa55w0rd
Then when Tacacs server is not available, you can log into device using the above created user account on the device.
Regards,
Prem
Please rate if it helps!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: