01-13-2009 12:00 AM - edited 03-04-2019 03:26 AM
Please help me for this problem
**************************
we have a PPP Link .End A 7206 and End B 7206 router.we are implementing the TACACS services on the router B. and tacacs server is residing in router A end. it's validates only tacacs user when our link is proper b/w END A and END B router. we want router should be validate also local user as well as TACACS user.
the configuration is following....
*****************************
!
aaa authentication login default local group tacacs+
aaa authentication login NO_AUTHEN none
aaa authentication ppp default group default-group local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec NO_AUTHOR none
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 1 NO_AUTHOR none
aaa authorization commands 15 default group tacacs+ if-authenticated
!
!
!
**************************
what step we should follow for this..?
01-13-2009 12:29 AM
aaa authentication login default local group tacacs+ LOCAL
Use this one.
01-13-2009 01:51 AM
this command firstly authenticate the TACACS server after it authenticate local database. if tacacs server not avialable , then it go for local database. in this case we want both tacacs and local server both should be authenticate parallely.
for local user we are not defining any username in tacacs server. we want local user should be login in to the router without authenticate into the TACACS server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: