11-20-2009 12:02 AM - edited 03-10-2019 04:48 PM
Hi,
I am using an ACS 5.0.0.21 appliance. I have configured the network device and am using the ACS local database for authentication. It is working fine.
Now I need that, if ACS fails or the client is not able to communicate with ACS, I should be able to log in to the device using the device's local credentials. Is this possible?
Thanks in advance.
Ghanshyam Saini
11-23-2009 11:22 PM
Yes this can be done. Just create local users on the device e.g.
username JainCisco privilege 15 password VeRYS$Cure
Then modify your current AAA authentication method list as follows:
aaa authentication login
Now whenever the TACACS server is down, the local database will be queried for authentication.
Regards
Farrukh
P.S. If you have other lists configured for ACS, then you need to edit them as well (e.g. enable authentication, or authorization for exec, etc.).
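The P.S. above notes that every method list pointing at ACS needs the fallback, not only the login list. As an added example (not part of the original posts and not Cisco tooling), this Python script reads `show run | inc aaa|tacacs` style output and reports method lists that name a server group with no device-local method after it, plus lists that fall back to `none`. The sample configuration, the list names VTY and CONSOLE, and the issue labels are constructed for illustration.

```python
# Added example: audit IOS AAA method lists for a missing local fallback.
# Methods the device can satisfy by itself when no AAA server answers.
DEVICE_LOCAL = {"local", "local-case", "enable", "line", "if-authenticated"}

# Constructed sample, shaped like `show run | inc aaa|tacacs` output.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login VTY group tacacs+
aaa authentication login CONSOLE group tacacs+ none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+ local
tacacs-server host 192.0.2.10
"""

def parse_methods(tokens):
    """Fold 'group <name>' pairs into one method; keep other keywords as-is."""
    methods, i = [], 0
    while i < len(tokens):
        step = 2 if tokens[i] == "group" and i + 1 < len(tokens) else 1
        methods.append(" ".join(tokens[i:i + step]))
        i += step
    return methods

def audit(config_text):
    """Return (type, service, list_name, issue) for each risky method list."""
    findings = []
    for line in config_text.splitlines():
        t = line.split()
        if len(t) < 5 or t[0] != "aaa" or t[1] not in ("authentication", "authorization"):
            continue  # not a method list, or cut off before any method
        service, rest = t[2], t[3:]
        if service == "commands" and rest[0].isdigit():
            service, rest = f"commands {rest[0]}", rest[1:]  # keep the level
        list_name, methods = rest[0], parse_methods(rest[1:])
        server_at = [i for i, m in enumerate(methods) if m.startswith("group ")]
        if not server_at:
            continue  # list never consults a server, nothing to fall back from
        after = methods[server_at[0] + 1:]
        if "none" in after:
            findings.append((t[1], service, list_name, "none-fallback"))
        elif not DEVICE_LOCAL.intersection(after):
            findings.append((t[1], service, list_name, "no-fallback"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

IOS moves to the next method in a list only when the previous one returns an error (for example, the server does not respond), not when the server rejects the credentials, so a `none` fallback grants access without authentication whenever the server is unreachable.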
11-24-2009 12:09 AM
Thanks a ton! It works. I need one more bit of help: I have created a group (and users in it) with level 7 access in that group's shell profile, but they are not able to use sh run etc. commands on the devices... any clue?
11-24-2009 12:43 AM
Please have a look at this document:
If the above document does not solve the issue, post the AAA commands configured on the device ("show run | inc aaa|tacacs"), and if possible a screenshot of the command author. set in ACS.
Regards
Farrukh