TACACS+

Jan 30th, 2009

Logging into a Cisco switch I want the below options to work. I'm using Cisco ACS v4.1 and a Cisco 3560 switch.

Is this possible?



Switch login options:


1. TACACS+ server authentication (Cisco ACS)


2a. TACACS+ server fails (Cisco ACS) - use local switch AAA username & Password


2b. TACACS+ username and password incorrect (Failed login on ACS) - use local switch AAA username & Password



! Console port


3 Console port use local AAA username and password only

Collin Clark Fri, 01/30/2009 - 11:46

1. aaa authentication login VTYMethod group tacacs+

line vty 0 4

login authentication VTYMethod


1a. aaa authentication login VTYMethod group tacacs+ local

line vty 0 4

login authentication VTYMethod


2b. AFAIK you can't do that


3. aaa authentication login CONSOLEMethod local

line con 0

login authentication CONSOLEMethod


Hope that helps.

Daniel Laden Sun, 02/01/2009 - 12:55


2b. You will not be able to do this.  The local method is only checked if the TACACS method is unresponsive.  A failed TACACS authentication is an active response.
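The method-list behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model of how a login method list is walked, showing that only an unresponsive TACACS+ server moves evaluation on to `local`. The function names, accounts and passwords are constructed for illustration, and the local method is simplified to always give a final answer.

```python
import re

# Constructed sample config using the method lists from the replies above.
CONFIG = """\
aaa authentication login VTYMethod group tacacs+ local
aaa authentication login CONSOLEMethod local
"""

def parse_method_lists(config):
    """Return {list_name: [methods]} from 'aaa authentication login' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)", line)
        if m:
            # 'group tacacs+' is a single method; drop the 'group' keyword.
            lists[m.group(1)] = [t for t in m.group(2).split() if t != "group"]
    return lists

def login(methods, user, password, tacacs_db, local_db, tacacs_up=True):
    """Walk a method list; return (method_that_answered, accepted)."""
    for method in methods:
        if method == "tacacs+":
            if not tacacs_up:
                continue  # ERROR (no response): fall through to next method
            # Server answered: PASS or FAIL is final, no further methods tried.
            return "tacacs+", tacacs_db.get(user) == password
        if method == "local":
            # Simplification (assumption): the local database always answers.
            return "local", local_db.get(user) == password
    return None, False  # every method errored: access denied

# Hypothetical accounts, constructed for the example.
TACACS_DB = {"netops": "acs-secret"}
LOCAL_DB = {"fallback": "local-secret"}

if __name__ == "__main__":
    lists = parse_method_lists(CONFIG)
    vty, con = lists["VTYMethod"], lists["CONSOLEMethod"]
    print(login(vty, "netops", "acs-secret", TACACS_DB, LOCAL_DB))
    # Case 2b: ACS is up and rejects the login, so 'local' is never consulted.
    print(login(vty, "fallback", "local-secret", TACACS_DB, LOCAL_DB))
    # Case 2a: ACS is unreachable, so the local account is used.
    print(login(vty, "fallback", "local-secret", TACACS_DB, LOCAL_DB, tacacs_up=False))
    print(login(con, "fallback", "local-secret", TACACS_DB, LOCAL_DB))
```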
