
TACACS+ & local account Concern

Amin Shaikh
Level 1

Hi,

Do the following lines mean that initially the authentication would be against the ACS server, and in case the ACS server is down it would allow the router-local username/password? [[ Is this true? ]]

aaa authentication ppp default group radius local

aaa authentication login default local

5 Replies

Premdeep Banga
Level 7

If you are doing PPP connection (Dial-up), then true.

If you are trying to log into the device for management (telnet/ssh), then no; the following command will be evaluated:

aaa authentication login default local

i.e. only local database will be checked.

Regards,

Prem

Please rate if it helps!

Thanks Prem for your reply.

I would be logging into the device for management (telnet/ssh).

So what's required to fulfill my requirement...

If you are using radius as the protocol,

radius-server host <server-ip> key <shared-key>

aaa authentication login default group radius local

If using tacacs+ as the protocol,

tacacs-server host <server-ip> key <shared-key>

aaa authentication login default group tacacs+ local

ACS needs to be configured accordingly.

Regards,

Prem

Please rate if it helps!

Thanks Prem..

I need to understand: if the ACS box is not reachable, how could I authenticate based on the following commands?

tacacs-server host <server-ip> key <shared-key>

aaa authentication login default group tacacs+ local

Have a user on the local device, something like:

username admin privilege 15 password pa55w0rd

Then when the TACACS server is not available, you can log into the device using the user account created above on the device.

Regards,

Prem

Please rate if it helps!
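
Added example, not part of the thread and not Cisco's code: a small Python check that reads an IOS configuration and reports whether each "aaa authentication login" method list consults an AAA server, keeps "local" as a fallback after it, and has a local user to fall back to. The sample configs are constructed from the commands in the thread; the server address and key are placeholders, and the finding codes are names chosen for this example.

```python
import re

# Constructed samples; server address (documentation range) and key are placeholders.
ORIGINAL = """\
aaa authentication ppp default group radius local
aaa authentication login default local
"""
SUGGESTED = """\
tacacs-server host 192.0.2.10 key EXAMPLE-KEY
aaa authentication login default group tacacs+ local
username admin privilege 15 password pa55w0rd
"""

LOGIN_RE = re.compile(r"^aaa authentication login (\S+) (.+)$")
USER_RE = re.compile(r"^username (\S+) .*?\b(password|secret)\b")

def parse_methods(tokens):
    """Join 'group <name>' into one method; keep the list order."""
    out, it = [], iter(tokens)
    for tok in it:
        out.append(f"group {next(it, '?')}" if tok == "group" else tok)
    return out

def audit_login(config):
    """Return (code, subject) findings for login method lists and local users."""
    lists, users, findings = {}, {}, []
    for line in map(str.strip, config.splitlines()):
        if m := LOGIN_RE.match(line):
            lists[m.group(1)] = parse_methods(m.group(2).split())
        elif m := USER_RE.match(line):
            users[m.group(1)] = m.group(2)
    for name, methods in lists.items():
        servers = [i for i, x in enumerate(methods) if x.startswith("group ")]
        local = [i for i, x in enumerate(methods) if x in ("local", "local-case")]
        if not servers:
            findings.append(("LOCAL_ONLY", name))          # AAA server never consulted
        elif not any(i > servers[0] for i in local):
            findings.append(("NO_LOCAL_FALLBACK", name))   # lockout if server is down
        # IOS tries the next method only if this one gives no response, not on a reject.
        if local and not users:
            findings.append(("NO_LOCAL_USER", name))
    for user, kind in users.items():
        if kind == "password":                             # not hashed; prefer 'secret'
            findings.append(("PASSWORD_NOT_SECRET", user))
    return findings

if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(label, audit_login(cfg))
```

The original config is reported as LOCAL_ONLY for management logins, and the suggested config passes the fallback checks but is flagged because the local account uses "password" rather than "secret".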
