Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1650
Views
5
Helpful
1
Replies

TACACS+ and Local Authentication Simultaneously

scott3560
Level 1
Level 1

‎09-13-2010 11:00 AM - edited ‎03-10-2019 05:24 PM

Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously.  For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device.  I have used the following two configurations:

aaa authentication login default group tacacs+ local

(This configuration only goes to the local database if communication with the TACACS server fails completely)

aaa authentication login default local group tacacs+

(This configuration only checks the local database and never goes to the TACACS server)

I have not been able to find a configuration that will use TACACS and local authentication simultaneously

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Panos Kampanakis
Cisco Employee
Cisco Employee

‎09-13-2010 11:34 AM

You cannot do what you are trying to do. For (default login you need to use the first policy matched.

you can diversify telnet/ssh with http by  creating different aaa groups.

But still you will be loging in for telnet users (all of them) using one method.

I hope it is clear.

PK

Customers Also Viewed These Support Documents