10-02-2009 04:39 AM - edited 03-10-2019 04:43 PM
aaa new-model
!
!
aaa group server radius cisco-acs
server-private 10.32.108.68 auth-port 1645 acct-port 1646 key u14c
server-private 10.32.0.9 auth-port 1812 acct-port 1813 key u14
ip radius source-interface BVI1
!
aaa authentication login default group cisco-acs local-case
aaa authentication login acs-login group cisco-acs local-case
aaa authentication login ssl-login group ssl-login
aaa authorization exec default group cisco-acs local
aaa accounting exec default start-stop group cisco-acs
username root privilege 15 secret 5 ccccccccccccc
username support secret 5 hhhhhhhhhhhhhhhhhhh
I am having problem login to router using acs database and am not sure if it is configured to logon locally if acs AUTHENTICATION FAILS .I am not able to logon locally a using root username
10-02-2009 06:07 AM
aaa authentication login default group cisco-acs local-case
The username will be case sensitive. What is defined under your VTY's?
10-02-2009 11:41 AM
The router might not allow you to authenticate via local, if the TACACS server is reachable.
Try disconnecting the interface on this router connecting to TACACS (if possible) or somehow make the TACACS IP unreachable for this router using an ACL.
10-04-2009 07:07 PM
ccde (whoever you are)
Your configuration has 3 method lists for login authentication:
aaa authentication login default group cisco-acs local-case
aaa authentication login acs-login group cisco-acs local-case
aaa authentication login ssl-login group ssl-login
Without knowing how your console and aux and vty lines are configured and knowing how you are attempting access, we can not tell which of these lines is the one controlling your authentication.
And dhananjoy is quite correct that in the first two methods you will not attempt local login unless the authentication server does not respond to the authentication request.
So can you provide additional details from the configuration (at a minimum the config of console, aux, and vty - and more of the config might be better) and of how you are attempting to access the router?
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: