Istvan_Rabai Thu, 07/23/2009 - 18:11

Hi Bruce,


The config may be similar to the following:


aaa new-model

aaa authentication login default group tacacs+ local


tacacs-server host 10.10.10.10

tacacs-server key YYYYYYYYY


username TESTUSER privilege x password ZZZZZZZZZ


This implements the failover scenario you requested.

If the communication with the tacacs-server fails, then the local user database will be used for authentication.



The "aaa authentication login default group tacacs+ local" command takes effect on all lines by default, including the console line.


If you want to implement this on select lines only, then you have to create a named authentication method:


aaa authentication login TEST group tacacs+ local

line vty 0 4

login authentication TEST


In this case the authentication method will have effect on the vty lines 0 to 4 only.


Cheers:

Istvan
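
An added example, not part of the original post: a small Python check that reads an IOS configuration and reports, for each line stanza, which login method list applies and whether a local fallback is usable (a `local` method in the list and at least one `username` defined). The sample config is constructed; the `NOFALLBACK` list, `privilege 15` and the function name are assumptions for illustration.

```python
import re

# Constructed sample: the default and named lists from the post, plus a
# hypothetical NOFALLBACK list that omits "local".
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login TEST group tacacs+ local
aaa authentication login NOFALLBACK group tacacs+
tacacs-server host 10.10.10.10
username TESTUSER privilege 15 password ZZZZZZZZZ
line con 0
line vty 0 4
 login authentication TEST
line vty 5 15
 login authentication NOFALLBACK
"""

def audit_login_fallback(config):
    """Map each line stanza to (list name, methods, local fallback usable)."""
    lists, lines, has_user, current = {}, {}, False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not text or text.startswith("!"):
            continue
        if not raw[0].isspace():                  # top-level command
            current = text if text.startswith("line ") else None
            if current:
                lines[current] = "default"        # no override seen yet
            m = re.match(r"aaa authentication login (\S+) (.+)", text)
            if m:                                 # keep "group <name>" together
                lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
            has_user = has_user or text.startswith("username ")
        elif current:                             # inside a line stanza
            m = re.match(r"login authentication (\S+)", text)
            if m:
                lines[current] = m.group(1)
    report = {}
    for line, name in lines.items():
        methods = lists.get(name, [])             # [] if list is not defined
        local = any(m in ("local", "local-case") for m in methods)
        report[line] = (name, methods, local and has_user)
    return report

if __name__ == "__main__":
    for line, (name, methods, ok) in audit_login_fallback(SAMPLE).items():
        print(f"{line:14} list={name:11} methods={methods} local_fallback={ok}")
```

IOS tries the next method in a list only when the previous one returns an error (for example, the server is unreachable), not when it rejects the credentials, so this check covers the configuration, not runtime behaviour.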


Bruce Summers Fri, 07/24/2009 - 03:04

Thanks Istvan


Appreciate the information... I was hoping to read a bit about the configuration... I'll test this config you provided in my test bed...


Thanks again.
