TACACS+

Unanswered Question
Jan 30th, 2009

Logging into a Cisco switch, I want the below options to work. I'm using Cisco ACS v4.1 and a Cisco 3560 switch.

Is this possible?

Switch login options:

1. TACACS+ server authentication (Cisco ACS)

2a. TACACS+ server fails (Cisco ACS) - use local switch AAA username & Password

2b. TACACS+ username and password incorrect (Failed login on ACS) - use local switch AAA username & Password

! Console port

3. Console port - use local AAA username and password only

Collin Clark Fri, 01/30/2009 - 11:46

1. aaa authentication login VTYMethod group tacacs+

line vty 0 4

login authentication VTYMethod

1a. aaa authentication login VTYMethod group tacacs+ local

line vty 0 4

login authentication VTYMethod

2b. AFAIK you can't do that

3. aaa authentication login CONSOLEMethod local

line con 0

login authentication CONSOLEMethod

Hope that helps.

Daniel Laden Sun, 02/01/2009 - 12:55

2b. You will not be able to do this.  The local method is only checked if the TACACS method is unresponsive.  A failed TACACS authentication is an active response.
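The fallback rule described in the replies above, as an added example that is not part of the original thread: a small Python model of how a method list is walked, where the next method is tried only when the current one gives no answer. The user names, passwords and function names are constructed for illustration, and the local method is simplified to a plain lookup.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered: credentials accepted
    FAIL = "fail"    # method answered: credentials rejected
    ERROR = "error"  # method gave no answer (server unreachable)

def tacacs_method(server_up, server_users):
    """Stand-in for 'group tacacs+' (the ACS server)."""
    def check(user, password):
        if not server_up:
            return Result.ERROR          # timeout: no active response
        ok = server_users.get(user) == password
        return Result.PASS if ok else Result.FAIL
    return check

def local_method(local_users):
    """Stand-in for 'local' (simplified: it is last in both lists below)."""
    def check(user, password):
        ok = local_users.get(user) == password
        return Result.PASS if ok else Result.FAIL
    return check

def evaluate(method_list, user, password):
    """Walk the list in order; move on only when a method returns ERROR."""
    last = None
    for name, method in method_list:
        last = name
        result = method(user, password)
        if result is not Result.ERROR:
            return result is Result.PASS, name   # PASS or FAIL is final
    return False, last                            # every method errored

# Constructed sample accounts (assumptions, not from the thread).
ACS_USERS = {"alice": "acs-pass"}
LOCAL_USERS = {"localadmin": "local-pass"}

def vty_method(server_up):
    # Mirrors: aaa authentication login VTYMethod group tacacs+ local
    return [("tacacs+", tacacs_method(server_up, ACS_USERS)),
            ("local", local_method(LOCAL_USERS))]

# Mirrors: aaa authentication login CONSOLEMethod local
CONSOLE_METHOD = [("local", local_method(LOCAL_USERS))]

if __name__ == "__main__":
    print(evaluate(vty_method(True), "alice", "acs-pass"))          # option 1
    print(evaluate(vty_method(False), "localadmin", "local-pass"))  # option 2a
    print(evaluate(vty_method(True), "localadmin", "local-pass"))   # option 2b
    print(evaluate(CONSOLE_METHOD, "localadmin", "local-pass"))     # option 3
```

In the 2b case the server is reachable and rejects the login, so the walk stops at tacacs+ and the valid local account is never consulted.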
