TACACS Problem .....

Unanswered Question
Jan 13th, 2009

Please help me with this problem.

**************************

We have a PPP link: End A is a 7206 router and End B is a 7206 router. We are implementing TACACS services on router B, and the TACACS server resides at the router A end. It validates only TACACS users when our link between the END A and END B routers is working properly. We want the router to validate local users as well as TACACS users.

The configuration is as follows:

*****************************

!
aaa authentication login default local group tacacs+
aaa authentication login NO_AUTHEN none
aaa authentication ppp default group default-group local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
!
!
!

**************************

What steps should we follow for this?

ravi.gyala Tue, 01/13/2009 - 01:51

This command first authenticates against the TACACS server, and after that it authenticates against the local database. If the TACACS server is not available, then it goes to the local database. In this case we want both TACACS and the local server to authenticate in parallel.

For local users we are not defining any username on the TACACS server. We want local users to be able to log in to the router without authenticating against the TACACS server.
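A small model of how a login method list is walked, comparing the two orderings that come up in this thread (`group tacacs+ local` and `local group tacacs+`). This is an added example, not code or output from the posters or from Cisco. The user names and passwords are constructed, and it assumes that a method which cannot answer (server unreachable, or a user name missing from the local database) returns an error and the next method is tried, while an explicit reject ends the list.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    FAIL = "fail"    # method answered and rejected: the list stops here
    ERROR = "error"  # method could not answer: the next method is tried

# Constructed sample accounts (not from the thread).
LOCAL_USERS = {"localadmin": "L0cal-pw"}   # defined only on the router
TACACS_USERS = {"netops": "T@cacs-pw"}     # defined only on the server

def local_method(user, password, server_up):
    # Assumption: an unknown local user name yields ERROR, not FAIL.
    if user not in LOCAL_USERS:
        return Result.ERROR
    return Result.PASS if LOCAL_USERS[user] == password else Result.FAIL

def tacacs_method(user, password, server_up):
    if not server_up:                      # PPP link down, request times out
        return Result.ERROR
    ok = TACACS_USERS.get(user) == password
    return Result.PASS if ok else Result.FAIL

METHODS = {"local": local_method, "group tacacs+": tacacs_method}

def login(method_list, user, password, server_up):
    """Walk the method list; return (result, name of the deciding method)."""
    for name in method_list:
        result = METHODS[name](user, password, server_up)
        if result is not Result.ERROR:
            return result, name
    return Result.FAIL, None               # every method errored out

def compare(user, password):
    """Outcome for both orderings, with the server reachable and not."""
    orders = (("group tacacs+", "local"), ("local", "group tacacs+"))
    return {(order, up): login(order, user, password, up)
            for order in orders for up in (True, False)}

if __name__ == "__main__":
    for user, pw in (("localadmin", "L0cal-pw"), ("netops", "T@cacs-pw")):
        for (order, up), (res, by) in compare(user, pw).items():
            link = "up" if up else "down"
            print(f"{user:10} {' '.join(order):20} link {link:4} "
                  f"-> {res.value} (decided by {by})")
```

The model covers authentication only; the `aaa authorization` lines in the posted configuration are evaluated separately and are not represented here.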
