Istvan_Rabai Thu, 07/23/2009 - 18:11

Hi Bruce,

The config may be similar to the following:

aaa new-model

aaa authentication login default group tacacs+ local

tacacs-server host

tacacs-server key YYYYYYYYY

username TESTUSER privilege x password ZZZZZZZZZ

This implements the failover scenario you requested.

If the communication with the tacacs-server fails, then the local user database will be used for authentication.

The "aaa authentication login default group tacacs+ local" command takes effect on all lines by default, including the console line.

If you want to implement this on select lines only, then you have to create a named authentication method:

aaa authentication login TEST group tacacs+ local

line vty 0 4

login authentication TEST

In this case the authentication method will have effect on the vty lines 0 to 4 only.
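
An added example, not part of the original posts: a small Python check that reads a running-config and reports, for each line block, which login method list applies and whether that list includes the local fallback described above. The function name, sample config, server address and placeholder secrets are constructed for illustration, and the parser assumes `show running-config` formatting with sub-commands indented under each `line` block.

```python
import re

# Constructed sample config modelled on the commands in the post above;
# the server address, privilege level and secrets are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login TEST group tacacs+ local
aaa authentication login NOFALLBACK group tacacs+
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER
username TESTUSER privilege 15 password PLACEHOLDER
line con 0
line vty 0 4
 login authentication TEST
line vty 5 15
 login authentication NOFALLBACK
"""

def audit_login_fallback(config):
    """Return {line block: (method list name, status)} for every 'line' block."""
    method_lists, line_lists = {}, {}
    has_local_user, current = False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():
            current = None                   # a top-level command ends the line block
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            method_lists[m.group(1)] = m.group(2).split()
        elif re.match(r"username \S+ ", text):
            has_local_user = True
        elif text.startswith("line ") and not raw[0].isspace():
            current = text[5:]
            line_lists[current] = "default"  # the default list applies unless overridden
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            line_lists[current] = m.group(1)
    report = {}
    for line, name in line_lists.items():
        methods = method_lists.get(name)
        if methods is None:
            status = "method list not defined"
        elif not {"local", "local-case"} & set(methods):
            status = "no local fallback"
        else:
            status = "ok" if has_local_user else "local fallback but no local username"
        report[line] = (name, status)
    return report
```

Calling `audit_login_fallback(SAMPLE_CONFIG)` flags the constructed `vty 5 15` block, whose method list has no local method to fall back to if the TACACS+ server is unreachable.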



Bruce Summers Fri, 07/24/2009 - 03:04

Thanks Istvan,

Appreciate the information... I was hoping to read a bit about the configuration... I'll test this config you provided in my test bed...


