cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3873
Views
1
Helpful
4
Replies

Does UCS fallback to local authentication when TACACS fail?

tin.ngo
Level 1
Level 1

I am considering configuring UCS to use TACACS but can't find any documentaion to suggest if the UCS would fallback

to Local when TACACS fail.  One would assume that it would so any link or pointers would be appreciated. Thank you.

4 Replies 4

stechamb
Level 1
Level 1

No it doesn't, you won't be able to log on.  For this reason you should always configure Console access as Local as a safety net / fall back should TACACS fail.  THen at least you can console in, change the auth to Local and use local accounts.

So in effect, you have to "manually fall back to local" - it isn't automatic.

Cheers

Steve

Oh, Thank you for the information. Since console acccess means command line only.

Am i right to suggest that one should know how to make changes and back out via command line

as the Web GUI won't be available when TACACS goes down?

I read this post and thought fallback was not supported but have since found out that Steve was incorrect in his statement.

If you look at the user guide you will see that it states:

"If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password."

Upon testing indeed fallback works properly.

Adding on Tims post.  This behaviour is documented here:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/UCSM_CLI_Configuration_Guide_2_0_chapter7.html#d15831e2899_navtitle

Provider Groups

A provider group is a set of providers that will be used by Cisco UCS during the authentication process. Cisco UCS Manager allows you to create a maximum of 16 provider groups, with a maximum of eight providers allowed per group.

During authentication, all the providers within a provider group are tried in order. If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: