cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
366
Views
0
Helpful
2
Replies

TACACS Problem .....

ravi.gyala
Level 1
Level 1

Please help me for this problem

**************************

we have a PPP Link .End A 7206 and End B 7206 router.we are implementing the TACACS services on the router B. and tacacs server is residing in router A end. it's validates only tacacs user when our link is proper b/w END A and END B router. we want router should be validate also local user as well as TACACS user.

the configuration is following....

*****************************

!

aaa authentication login default local group tacacs+

aaa authentication login NO_AUTHEN none

aaa authentication ppp default group default-group local

aaa authorization console

aaa authorization config-commands

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization exec NO_AUTHOR none

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 1 NO_AUTHOR none

aaa authorization commands 15 default group tacacs+ if-authenticated

!

!

!

**************************

what step we should follow for this..?

2 Replies 2

Rupesh Kashyap
Level 1
Level 1

aaa authentication login default local group tacacs+ LOCAL

Use this one.

this command firstly authenticate the TACACS server after it authenticate local database. if tacacs server not avialable , then it go for local database. in this case we want both tacacs and local server both should be authenticate parallely.

for local user we are not defining any username in tacacs server. we want local user should be login in to the router without authenticate into the TACACS server.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: