ACS 5.0.0.21 Appliance

Unanswered Question
Nov 20th, 2009

Hi,


I am using an ACS 5.0.0.21 appliance. I have configured the network device and am using the ACS local database for authentication. It is working fine.

Now, if ACS fails or the client is not able to communicate with ACS, I need to be able to log in to the device using the device's local credentials. Is this possible?


Thanks in advance.


Ghanshyam Saini

Farrukh Haroon Mon, 11/23/2009 - 23:22

Yes, this can be done. Just create local users on the device, e.g.:


username JainCisco privilege 15 password VeRYS$Cure


Then modify your current AAA authentication method list as follows:


! list name "default" is assumed here; use the name of your existing method list
aaa authentication login default group tacacs+ local-case


Now whenever the TACACS server is down, the local database will be queried for authentication.


Regards


Farrukh


P.S. If you have other lists configured for ACS, then you need to edit them as well (e.g. enable authentication, or authorization for exec, etc.)
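A way to check the point made in the P.S. above, added as an example and not part of the original reply: this script scans a saved running-config for AAA method lists that use a server group but have no fallback method, and for a local fallback with no local user behind it. The sample config, the function names and the set of fallback keywords are assumptions made for this example.

```python
import re

# Constructed sample running-config (not from the thread). The login list has
# the local fallback from the answer; the enable and exec lists do not.
SAMPLE_CONFIG = """\
aaa new-model
username JainCisco privilege 15 password VeRYS$Cure
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization commands 15 VTY group tacacs+ local
"""

# Methods that can still answer when no AAA server is reachable.
FALLBACKS = {"local", "local-case", "enable", "line", "none", "if-authenticated"}


def method_lists(config):
    """Yield (kind, service, list_name, methods) for lists that use a server group."""
    for line in config.splitlines():
        tokens = line.split()
        if tokens[:1] != ["aaa"] or len(tokens) < 5 or "group" not in tokens:
            continue
        if tokens[1] not in ("authentication", "authorization"):
            continue
        # "commands <level>" is a two-token service; the others are one token.
        skip = 4 if tokens[2] == "commands" else 3
        service = " ".join(tokens[2:skip])
        yield tokens[1], service, tokens[skip], tokens[skip + 1:]


def lists_without_fallback(config):
    """Return method lists with nothing to fall back on when no server answers."""
    return [(kind, service, name)
            for kind, service, name, methods in method_lists(config)
            if not FALLBACKS.intersection(methods)]


def local_fallback_is_empty(config):
    """True if some list falls back to local users but no 'username' is defined."""
    uses_local = any({"local", "local-case"} & set(methods)
                     for _, _, _, methods in method_lists(config))
    has_user = re.search(r"^username \S+", config, re.MULTILINE) is not None
    return uses_local and not has_user


if __name__ == "__main__":
    for kind, service, name in lists_without_fallback(SAMPLE_CONFIG):
        print(f"no fallback: aaa {kind} {service} {name}")
    print("local fallback empty:", local_fallback_is_empty(SAMPLE_CONFIG))
```

On the sample, the enable authentication list and the exec authorization list are reported, which are the two kinds of list the P.S. names.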

ghanshyam.saini Tue, 11/24/2009 - 00:09

Thanks a ton! It works. I need one more bit of help: I have created a group (and users in it) with level 7 access in that group's shell profile, but they are not able to use sh run etc. commands on the devices... any clue?
