Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

aaa tacacs+ with backup local auth

Hi,

I am trying to get my switches/routers/etc to use aaa to restrict access to configuration of my network devices. I have the aaa authenticating to ACS v3.3 now, but for some reason my local user no longer works. I would like to have the option of a local login just in case my ACS becomes unavailable.

My config on a 2950 is...

version 12.1

service nagle

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

aaa new-model

aaa authentication login GPRC-Access group tacacs+ local enable none

aaa authorization exec GPRC-Access group tacacs+ local

aaa authorization network GPRC-Access group tacacs+ local

aaa accounting exec GPRC-Access start-stop group tacacs+

aaa accounting network GPRC-Access start-stop group tacacs+

enable secret xxx

enable password xxx

!

username admin privilege 15 secret xxx

tacacs-server host 172.20.2.25 key xxx

tacacs-server key xxx

tacacs-server administration

line vty 0 4

exec-timeout 15 0

password xxx

authorization exec GPRC-Access

accounting exec GPRC-Access

logging synchronous

login authentication GPRC-Access

length 48

line vty 5 15

password xxx

!

1 ACCEPTED SOLUTION

Accepted Solutions

Re: aaa tacacs+ with backup local auth

The only time the local user will work is when your TACACs server is unavailable. You can test by putting in the wrong TACACs key and establishing a new seeiosn. Make sure you keep the original session open just in case :-)

HTH and please rate.

2 REPLIES

Re: aaa tacacs+ with backup local auth

The only time the local user will work is when your TACACs server is unavailable. You can test by putting in the wrong TACACs key and establishing a new seeiosn. Make sure you keep the original session open just in case :-)

HTH and please rate.

New Member

Re: aaa tacacs+ with backup local auth

Thanks, I changed the key and tested it. You were correct. :)

692
Views
5
Helpful
2
Replies
CreatePlease to create content