Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA authentication preference

We have AAA configured as follows

aaa new-model

aaa authentication login default local group radius

aaa authentication enable default enable

aaa authorization exec default group radius if-authenticated

aaa session-id common

It was expected that switch will check the local username first and then Radius server. But it is not checking local username it's getting authenticated by RADUIS. even though default priority is for "local" and then "Radius group".

Please share the experience.

Thanks,

-Subodh

1 REPLY
VIP Purple

AAA authentication preference

With the command "aaa authentication login default local group radius" the local database is checked first and RADIUS is the fallback. But there is a "feature" that is sometimes not expected. If the user is not found in the local database the authentication is not rejected, but passed to the next method which is RADIUS.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
259
Views
0
Helpful
1
Replies