TACACS+ and Local Authentication Simultaneously

Unanswered Question
Sep 13th, 2010
User Badges:

Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously.  For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device.  I have used the following two configurations:

aaa authentication login default group tacacs+ local

(This configuration only goes to the local database if communication with the TACACS server fails completely)

aaa authentication login default local group tacacs+

(This configuration only checks the local database and never goes to the TACACS server)

I have not been able to find a configuration that will use TACACS and local authentication simultaneously

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Panos Kampanakis Mon, 09/13/2010 - 11:34
User Badges:
  • Cisco Employee,

You cannot do what you are trying to do. For (default login you need to use the first policy matched.

you can diversify telnet/ssh with http by  creating different aaa groups.

But still you will be loging in for telnet users (all of them) using one method.

I hope it is clear.



This Discussion