I have our ASAs authenticating against ACS (TACACS+) and using ACS authorization, which all works, but when the ACS server is unavailable I can log in using local authentication but I have no authorization rights. Is there a way to grant full authorization rights to the local user if ACS is unavailable?
I am using:
aaa authentication ssh console <tacacs> LOCAL
aaa authorization ssh console <tacacs> LOCAL
You should have a local user on the ASA with privilege 15.
You can add local user like this:
(config)# username <username> password <password> privilege 15
So this user account will have full access when your TACACS goes down.
Please rate helpful posts.
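A way to check a saved running-config for the fallback discussed in this thread, as an added example that is not part of the original posts. It assumes the `aaa ... console` and `aaa authorization command` line forms; the server group name, usernames and sample config are constructed.

```python
import re

# Constructed sample of an ASA running-config; the server group name and
# usernames are made up for illustration.
SAMPLE_CONFIG = """\
aaa-server TACACS-GRP protocol tacacs+
username netops password ***** encrypted privilege 15
username helpdesk password ***** encrypted privilege 5
aaa authentication ssh console TACACS-GRP LOCAL
aaa authentication enable console TACACS-GRP
aaa authorization command TACACS-GRP LOCAL
"""

# Assumed line forms: "aaa authentication|authorization <service> console ..."
# and "aaa authorization command ...". Other aaa lines are ignored.
AAA_RE = re.compile(r"^aaa (?:authentication|authorization) (?:\S+ console|command) (.+)$")
USER_RE = re.compile(r"^username (\S+) .*\bprivilege (\d+)\b")


def audit_fallback(config: str) -> dict:
    """Report AAA lines lacking LOCAL fallback and local privilege-15 users."""
    no_fallback, admins = [], []
    for raw in config.splitlines():
        line = raw.strip()
        m = AAA_RE.match(line)
        if m:
            # A line that names a server group but does not end in LOCAL
            # has nothing to fall back to when the server is unreachable.
            if m.group(1).split()[-1] != "LOCAL":
                no_fallback.append(line)
            continue
        m = USER_RE.match(line)
        if m and int(m.group(2)) == 15:
            admins.append(m.group(1))
    return {
        "no_local_fallback": no_fallback,
        "privilege_15_users": admins,
        # Usable only if every checked line falls back to LOCAL and at
        # least one local account has privilege 15.
        "fallback_usable": bool(admins) and not no_fallback,
    }


if __name__ == "__main__":
    for key, value in audit_fallback(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

Run it against a config export before planned ACS maintenance; a non-empty `no_local_fallback` list or an empty `privilege_15_users` list means an outage would leave that access path without working local rights.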