Cisco Support Community

AAA authentication local failover

Hi

We have the following configuration for AAA on an L3 switch:

CASE 1

aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

radius-server host ******* auth-port 1645 acct-port 1813
radius-server key ************

line vty 0 4
 access-class acl-VTY in
 exec-timeout 9 30
 password 7 ********
 transport input ssh

username cisco password **********
enable secret *********

In this configuration, in order to test the local user (cisco), the RADIUS server key was removed.

Even then, the local user was not able to log in to the router. No idea why?

One point is that we don't have authorization and accounting configured on the RADIUS. Does this cause the problem?

==================================================================================

CASE 2: ( router 2 )

aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated

radius-server host ******* auth-port 1645 acct-port 1813
radius-server key ************

line vty 0 4
 access-class acl-VTY in
 exec-timeout 9 30
 password 7 ********
 transport input ssh

username cisco password **********
enable secret *********

No authorization / accounting commands configured. Here local user authentication works after removing the RADIUS key.

Please share your experience.

Thanks

Subodh
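
The following is an added example, not part of the original post: a short Python check that diffs the AAA statements of the two cases and lists statements that name a server group for which the pasted configuration defines no server. The config text is reconstructed from the post with a placeholder host address, and the function names are hypothetical.

```python
import re

# Constructed from the post's two configs; 192.0.2.10 stands in for the masked host.
COMMON = """\
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
radius-server host 192.0.2.10 auth-port 1645 acct-port 1813
"""
CASE1 = COMMON + """\
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""
CASE2 = COMMON

def aaa_statements(config):
    """Return the set of 'aaa ...' statements in a config."""
    return {ln.strip() for ln in config.splitlines() if ln.strip().startswith("aaa ")}

def defined_protocols(config):
    """Protocols with a legacy '<proto>-server host' line (the syntax the post uses)."""
    found = set()
    for ln in config.splitlines():
        m = re.match(r"\s*(radius|tacacs)-server host\b", ln)
        if m:
            found.add("radius" if m.group(1) == "radius" else "tacacs+")
    return found

def only_in(a, b):
    """AAA statements present in config a but not in config b."""
    return sorted(aaa_statements(a) - aaa_statements(b))

def groups_without_server(config):
    """AAA statements naming 'group radius' or 'group tacacs+' with no server defined."""
    have = defined_protocols(config)
    return sorted(
        stmt for stmt in aaa_statements(config)
        if any(g not in have for g in re.findall(r"group (radius|tacacs\+)", stmt))
    )

if __name__ == "__main__":
    print("Only in CASE 1:")
    for stmt in only_in(CASE1, CASE2):
        print("  " + stmt)
    print("References a group with no server in the pasted config:")
    for stmt in groups_without_server(CASE1):
        print("  " + stmt)
```

The check only recognizes the legacy `radius-server host` / `tacacs-server host` syntax shown in the post, and it reports differences between the pasted configs rather than diagnosing the login failure.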
