Unable to configure local AAA authentication

Unanswered Question
Oct 27th, 2008
User Badges:


In my Cisco ASA 55220 , I am unable to configure AAA.ASA is configured in transparent mode.

Please find the error msg..

ASA-MPLS(config)# aaa authentication enable console loCAL

ERROR: aaa-server group loCAL does not exist

Usage: [no] aaa mac-exempt match <mac-list-id>

[no] aaa authentication secure-http-client

[no] aaa authentication listener http|https <if_name> [port <port>] [redirect]

[no] aaa authentication|authorization|accounting include|exclude <svc>

<if_name> <l_ip> <l_mask> [<f_ip> <f_mask>] <server_tag>

[no] aaa authentication serial|telnet|ssh|http|enable console

<server_tag> [LOCAL]

[no] aaa accounting telnet|ssh|serial|enable console <server_tag>

[no] aaa authentication|authorization|accounting match

<access_list_name> <if_name> <server_tag>

[no] aaa authorization command {LOCAL | <tacacs_server_tag> [LOCAL]}

[no] aaa accounting command {privilege <level>} <tacacs_server_tag>

[no] aaa proxy-limit <proxy limit> | disable

[no] aaa local authentication attempts max-fail <fail-attempts>

clear configure aaa

clear aaa local user {fail-attempts|lockout} {all | username <uname>}}

show running-config [all] aaa [authentication|authorization|accounting


show aaa local user [lockout]


Please guide to resolve this issue..



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.6 (9 ratings)
Premdeep Banga Mon, 10/27/2008 - 06:24
User Badges:
  • Gold, 750 points or more

Use "LOCAL" not "loCAL"



Please rate if it helps!

elizer man-on Wed, 02/11/2015 - 05:13
User Badges:

This old post help my two days without sleeping in the night problem.

thank  you Premdeep.




meahmedhassan Wed, 11/16/2016 - 04:27
User Badges:

if you use the "local" key in small letters the ASA would consider it as a different aaa server over its default of "LOCAL" with capital letters, same concept for any other aaa server different than the default existent one.


Please try again by using the command with "LOCAL" key in capital letter. because the local server name is a case sensitive


This Discussion