Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA and local user authentication

Hi,

I already have AAA authentication setup on my switch. And I can use local users to login when the AAA server is unreachable.

But I want to know if it is possible to use local users even when the AAA server is reachable. Something like first it checks the local users databse and if the user does not exists then fallback to AAA or vice versa.

Thanks.

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: AAA and local user authentication

Ismail,

This is your answer:

aaa authentication login default local group radius/tacacs

Parthapratim - A little correction,it will go to radius or tacacs + if the user is not present locally.

The local DB differs in the way fallback works which is the exception.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
3 REPLIES
Cisco Employee

AAA and local user authentication

Ismail, the authentication method you define act as a service. So only when the service is not avilable the method fallback to the next methond you define.

So in your case if the user account is not present in the local data base it will not fallback to aaa server.

aaa authentication login default local group radius

The same holds true if the user account is not there in the aaa server

aaa authentication login default group radius local


Only when the aaa server is not responding (service downe or not reachable) it will fallback to the local database.

Hope this helps!

Silver

Re: AAA and local user authentication

Ismail,

This is your answer:

aaa authentication login default local group radius/tacacs

Parthapratim - A little correction,it will go to radius or tacacs + if the user is not present locally.

The local DB differs in the way fallback works which is the exception.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
New Member

AAA and local user authentication

Edward,

Thanks for your reply.

It works perfectly.

205
Views
5
Helpful
3
Replies
CreatePlease login to create content