Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

aaa tacacs+ backup line

hi,

I am using aaa for tacacs+ authentication on my routers but my tacacs+ server is taking usernames from LDAP. If LDAP goes down my authentication is failing. So I need a backup configuration for line vty 4 like

"aaa authentication login test line"

"login authentication test"

But line searching "enable" password from tacacs server...

I want that "line must use local enable password"

Ozlem

3 REPLIES
Silver

Re: aaa tacacs+ backup line

Hello Ozlem,

If the LDAP server fails then router will not fall back to local database unlike if ACS fails. The reason is that information is not propogated to the router. You can have backup LDAP server defined on the ACS though for fall back on ACS side.

Thanks,

Mynul

New Member

Re: aaa tacacs+ backup line

first of all thanks for your help,

but I cant do that bacause LDAP server admins dont want that :) and there is an interesting thing, my friends have used that commands at old IOS versions, I think it was a bug???

New Member

Re: aaa tacacs+ backup line

Hello again,

I am still loking for the answer, is there a way to solve my problem?

Thanks

146
Views
0
Helpful
3
Replies
CreatePlease to create content