ACS 5.0.0.21 Appliance

ghanshyam.saini
Level 1

Hi,

I am using an ACS 5.0.0.21 appliance. I have configured the network device and am using the ACS local database for authentication. It is working fine.

Now I need that, if ACS fails or the client is not able to communicate with ACS, I should be able to log in to the device using the device's local credentials. Is this possible?

Thanks in advance.

Ghanshyam Saini

3 Replies

Farrukh Haroon
VIP Alumni

Yes, this can be done. Just create local users on the device, e.g.:

username JainCisco privilege 15 password VeRYS$Cure

Then modify your current AAA authentication method list as follows:

! "default" is the usual list name; use your own list's name if it is a named list
aaa authentication login default group tacacs+ local-case

Now whenever the TACACS server is down, the local database will be queried for authentication.

Regards

Farrukh

P.S. If you have other lists configured for ACS then you need to edit them as well (e.g. enable authentication, or authorization for exec, etc.)
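One way to check a device for the fallback described in the answer above, added here as an example and not part of the original posts: a small Python audit that reads a saved running-config and reports login method lists that use TACACS+ without a local fallback, or that fall back to local with no local user defined. The sample config, the names `netadmin` and `VTY-ONLY`, and the function names are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the thread; names are made up).
SAMPLE_CONFIG = """\
aaa new-model
username netadmin privilege 15 password 0 ExamplePlaceholder
aaa authentication login default group tacacs+ local-case
aaa authentication login VTY-ONLY group tacacs+
line vty 0 4
 login authentication VTY-ONLY
"""

LOCAL_METHODS = {"local", "local-case"}


def parse_login_lists(config):
    """Return {list_name: [methods]} for 'aaa authentication login' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+) (.+)$", line)
        if m:
            # Keep "group <name>" together as one method, in configured order.
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists


def audit(config):
    """Return findings as (list_or_user_name, message) tuples."""
    findings = []
    users = re.findall(r"^username (\S+) .*?\b(password|secret)\b", config, re.M)
    for name, methods in parse_login_lists(config).items():
        uses_tacacs = "group tacacs+" in methods
        has_local = any(m in LOCAL_METHODS for m in methods)
        # Later methods are tried only when the earlier one gives no response,
        # so a list with TACACS+ alone locks everyone out during an outage.
        if uses_tacacs and not has_local:
            findings.append((name, "no local fallback if TACACS+ is unreachable"))
        if has_local and not users:
            findings.append((name, "local fallback but no local username defined"))
    for user, kind in users:
        if kind == "password":
            findings.append((user, "stored with 'password'; 'secret' is hashed"))
    return findings


if __name__ == "__main__":
    for item, message in audit(SAMPLE_CONFIG):
        print(f"{item}: {message}")
```

The fallback account is only consulted when the TACACS+ server does not answer; a rejection from a reachable server does not fall through to the local database.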

Thanks a ton! It works. I need one more bit of help: I have created a group (and users in that) with level 7 access in that group's shell profile, but they are not able to use sh run etc. commands on the devices... any clue?

Please have a look at this document:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

If the above document does not solve the issue, post the AAA commands configured on the device ("show run | inc aaa|tacacs"), and if possible a screenshot of the command author. set in ACS.

Regards

Farrukh
