
tacacs+ local logins

Bruce Summers
Level 1

Can somebody point me to a config guide for setting up TACACS authentication with failover to local login if TACACS fails?

thanks...

bruce

3 Replies

Istvan_Rabai
Level 7

Hi Bruce,

The config may be similar to the following:

aaa new-model

aaa authentication login default group tacacs+ local

tacacs-server host 10.10.10.10

tacacs-server key YYYYYYYYY

username TESTUSER privilege x password ZZZZZZZZZ

This implements the failover scenario you requested.

If the communication with the tacacs-server fails, then the local user database will be used for authentication.

The "aaa authentication login default group tacacs+ local" command takes effect on all lines by default, including the console line.

If you want to implement this on selected lines only, then you have to create a named authentication method:

aaa authentication login TEST group tacacs+ local

line vty 0 4

login authentication TEST

In this case the authentication method will take effect on the vty lines 0 to 4 only.

Cheers:

Istvan
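
An added example, not part of the reply above or of any Cisco tooling: a small Python check that reads a saved configuration, works out which login method list each line uses (the default list or a named one), and flags lines where tacacs+ has no local fallback or where the fallback has no local username behind it. The sample configuration is constructed from the placeholder values in this thread, and the function name is hypothetical.

```python
import re

# Constructed sample: the thread's placeholder values plus made-up line stanzas.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+
aaa authentication login TEST group tacacs+ local
tacacs-server host 10.10.10.10
username TESTUSER privilege 15 password ZZZZZZZZZ
line con 0
line vty 0 4
 login authentication TEST
"""

LOCAL = {"local", "local-case"}

def audit_login_fallback(config):
    """Map each line stanza to a list of findings about its login method list."""
    lists, line_list, has_user, current = {}, {}, False, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):
            current = None  # a top-level command ends the previous line stanza
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = [w for w in m.group(2).split() if w != "group"]
        elif text.startswith("username "):
            has_user = True
        elif raw.startswith("line "):
            current = text
            line_list[current] = "default"  # lines use "default" unless overridden
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            line_list[current] = m.group(1)
    report = {}
    for line, name in line_list.items():
        methods, findings = lists.get(name), []
        if methods is None:
            findings.append(f"method list {name!r} is not defined in this config")
        elif "tacacs+" in methods:
            after = methods[methods.index("tacacs+") + 1:]
            if not LOCAL & set(after):
                findings.append(f"list {name!r}: no local fallback after tacacs+")
            elif not has_user:
                findings.append(f"list {name!r}: local fallback but no username defined")
        report[line] = findings
    return report

if __name__ == "__main__":
    for line, findings in audit_login_fallback(SAMPLE_CONFIG).items():
        print(line, "->", findings or "ok")
```

In the sample, the console line falls under the default list, which has no local method, so it is flagged, while vty 0 4 uses the named list TEST and passes.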

Thanks Istvan

Appreciate the information... I was hoping to read a bit about the configuration... I'll test this config you provided in my test bed...

Thanks again.

Leo Laohoo
Hall of Fame