ACS 5.0.0.21 Appliance

Nov 20th, 2009

Hi,


I am using an ACS 5.0.0.21 appliance. I have configured the network device and am using the ACS local database for authentication. It is working fine.

Now I need that, if ACS fails or the client is not able to communicate with ACS, I should be able to log in to the device using the device's local credentials. Is this possible?


Thanks in advance.


Ghanshyam Saini

Farrukh Haroon Mon, 11/23/2009 - 23:22

Yes, this can be done. Just create local users on the device, e.g.:


username JainCisco privilege 15 password VeRYS$Cure


Then modify your current AAA authentication method list as follows:


! List name assumed to be "default"; substitute your own method list name.
aaa authentication login default group tacacs+ local-case


Now whenever the TACACS server is down, the local database will be queried for authentication.


Regards


Farrukh


P.S. If you have other lists configured for ACS, then you need to edit them as well (e.g. enable authentication, or authorization for exec, etc.).
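The reply above notes that every method list pointing at ACS needs its own fallback, not only the login list. As an added example (not part of the original thread), this Python function scans saved `show run | inc aaa` output and reports server-backed lists that have no fallback or that fall back to `none`; the function name and the sample configuration are constructed for illustration.

```python
# Added example: audit AAA method lists for a fallback when the server is down.
# Function name and sample config are constructed for illustration.

# Methods IOS can evaluate without reaching the TACACS+/RADIUS server.
OFFLINE_METHODS = {"local", "local-case", "enable", "line", "if-authenticated"}

# Constructed sample of "show run | inc aaa" output.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa authentication login CONSOLE group tacacs+ none
"""


def audit_aaa_fallback(config_text):
    """Return (service, list_name, problem) for every server-backed
    method list that lacks a safe offline fallback."""
    findings = []
    for line in config_text.splitlines():
        tokens = line.split()
        if (len(tokens) < 5 or tokens[0] != "aaa"
                or tokens[1] not in ("authentication", "authorization")):
            continue
        # "commands <level>" is a two-token service; the others are one token.
        n = 2 if tokens[2] == "commands" else 1
        service = " ".join(tokens[2:2 + n])
        list_name = tokens[2 + n]
        # Fold "group <name>" into a single method entry.
        methods, it = [], iter(tokens[3 + n:])
        for tok in it:
            methods.append("group " + next(it, "?") if tok == "group" else tok)
        if not any(m.startswith("group ") for m in methods):
            continue  # list never consults a server, nothing to fall back from
        offline = {m for m in methods if not m.startswith("group ")}
        if "none" in offline:
            findings.append((service, list_name, "falls back to none"))
        elif not offline & OFFLINE_METHODS:
            findings.append((service, list_name, "no offline fallback"))
    return findings


if __name__ == "__main__":
    for service, list_name, problem in audit_aaa_fallback(SAMPLE_CONFIG):
        print(f"{service} / {list_name}: {problem}")
```

A list flagged "falls back to none" grants access without any check when the server is unreachable, so it is reported separately from a list with no fallback at all.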

ghanshyam.saini Tue, 11/24/2009 - 00:09

Thanks a ton! It works. I need one more bit of help: I have created a group (and users in it) with level 7 access in that group's shell profile, but they are not able to use sh run etc. commands on the devices... any clue?

Farrukh Haroon Tue, 11/24/2009 - 00:43

Please have a look at this document:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml


If the above document does not solve the issue, post the AAA commands configured on the device ("show run | inc aaa|tacacs"), and if possible a screenshot of the command author. set in ACS.


Regards


Farrukh
