aaa authentication login default local group radius
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
aaa session-id common
It was expected that the switch would check the local username first and then the RADIUS server. But it is not checking the local username; it's getting authenticated by RADIUS, even though the default priority is for "local" and then "Radius group".
With the command "aaa authentication login default local group radius", the local database is checked first and RADIUS is the fallback. But there is a "feature" that is sometimes not expected: if the user is not found in the local database, the authentication is not rejected but passed to the next method, which is RADIUS.
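The behaviour described in the answer, as an added example that is not part of the original thread: a small Python model that parses the login method lists from the posted configuration, walks them for a given user, and flags lists where a server group follows "local". The function names and account data are constructed for illustration; the model assumes the RADIUS server is reachable and that a username which does exist locally is decided by the local database alone.

```python
import re

# Constructed sample input: the configuration lines from the question.
SAMPLE_CONFIG = """\
aaa authentication login default local group radius
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
aaa session-id common
"""
LOGIN_RE = re.compile(r"^aaa authentication login (\S+)\s+(.+)$")


def login_method_lists(config):
    """Map each login method-list name to its ordered methods."""
    lists = {}
    for line in config.splitlines():
        m = LOGIN_RE.match(line.strip())
        if m:
            # "group radius" is one method made of two words.
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists


def evaluate(methods, user, password, local_db, radius_db):
    """Walk the list as the answer describes; return (decision, method)."""
    for method in methods:
        if method == "local":
            if user not in local_db:
                continue  # unknown locally: not a reject, try the next method
            # Assumption: a user that exists locally is decided here.
            ok = local_db[user] == password
            return ("accept" if ok else "reject", method)
        if method == "group radius":
            # Simplification: the server is reachable and always answers.
            ok = radius_db.get(user) == password
            return ("accept" if ok else "reject", method)
    return ("reject", None)


def fallthrough_lists(config):
    """Names of login lists where a server group follows 'local'."""
    hits = []
    for name, methods in login_method_lists(config).items():
        if "local" in methods:
            rest = methods[methods.index("local") + 1:]
            if any(m.startswith("group ") for m in rest):
                hits.append(name)
    return hits
```

With a constructed local database that holds only "admin", a login as a RADIUS-only user returns ("accept", "group radius"), which is the result the original poster observed.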