N1KV - radius aaa auth with local account fallback

Unanswered Question
Nov 11th, 2009

Attempting to setup aaa authentication using Radius, withability to fall back to locally defined accounts.

configuration is;

aaa authentication login default group Radius_Auth none

With N1KV we are unable to add "local" as an option after a group, as we do with physical routers and switches.

If the login account is not part of the Radius aaa group, logins fail and the locally defined accounts are never used.

Are we missing something?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
agiaccone Sun, 11/29/2009 - 17:28


if not specified, local fallback for atuhentication is the default behavior on nexus 1000v (http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_3aaa.html#wp1174514)

However I'm quite sure local account database is queried only if radius servers are unreachable, so users not havign a radius account can't access as long as the radius servers are reachable by the switch.

Hope this helps,



This Discussion