Local authorization configuration

Answered Question
Oct 23rd, 2009

I have our ASAs authenticating against ACS (TACACS+) and using ACS authorization, which all works, but when the ACS server is unavailable I can log in using local authentication but I have no authorization rights. Is there a way to grant full authorization rights to the local user if ACS is unavailable?


I am using


aaa authentication ssh console <tacacs> LOCAL

aaa authorization ssh console <tacacs> LOCAL

Correct Answer
Jatin Katyal (Cisco Employee) Fri, 10/23/2009 - 12:13

Hi,


You should have a local user on the ASA with privilege 15.


You can add a local user like this:


(config)# username <username> password <password> privilege 15


So this user account will have full access when your TACACS goes down.


HTH


JK


Plz rate helpful posts-
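
A check that follows from the answer above, as an added example that is not part of the original thread or of any Cisco tool: it parses an ASA running-config excerpt and reports AAA lines that point at a server group without a trailing LOCAL fallback, and whether any local user has privilege 15. The sample config, the group name TACACS-GRP, the usernames and the hashes are constructed placeholders.

```python
# Constructed sample running-config excerpt (not from the thread).
# TACACS-GRP, the usernames and the password hashes are placeholders.
SAMPLE_CONFIG = """\
aaa-server TACACS-GRP protocol tacacs+
username fallback-admin password PLACEHOLDERHASH1 encrypted privilege 15
username helpdesk password PLACEHOLDERHASH2 encrypted privilege 5
aaa authentication ssh console TACACS-GRP LOCAL
aaa authentication http console TACACS-GRP
aaa authorization command TACACS-GRP LOCAL
"""


def audit_fallback(config_text):
    """Return (findings, admins) for an ASA running-config excerpt."""
    lines = [ln.split() for ln in config_text.splitlines() if ln.split()]
    # Server groups are declared by "aaa-server <name> ..." lines.
    groups = {t[1] for t in lines if t[0] == "aaa-server" and len(t) > 1}
    admins, findings = [], []
    for t in lines:
        if t[0] == "username" and len(t) > 1:
            # A line without an explicit "privilege N" is not counted as level 15.
            if "privilege" in t[2:-1] and t[t.index("privilege", 2) + 1] == "15":
                admins.append(t[1])
        elif t[0] == "aaa" and len(t) > 2 and t[1] in ("authentication", "authorization"):
            # Only lines that point at a remote server group need a fallback.
            if groups.intersection(t[2:]) and t[-1] != "LOCAL":
                findings.append("no LOCAL fallback: " + " ".join(t))
    if not admins:
        findings.append("no local user with privilege 15")
    return findings, admins


if __name__ == "__main__":
    findings, admins = audit_fallback(SAMPLE_CONFIG)
    print("privilege 15 local users:", admins)
    for f in findings:
        print("FINDING:", f)
```
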

networker99 Fri, 10/23/2009 - 12:21

Yea I did have that user.. it was because I had not fully logged out after applying the commands.. all okay now.. thanks
