The switch will always try to authenticate AD credentials as the ACS is still up. The fallback for AAA on the IOS will be triggered only when the ACS (in this specific scenario) is down. At that point the switch will get a timeout and move to the "local" IOS database as fallback.
You can configure the AAA command with "local" in front of "group tacacs+" as follows:
aaa authentication login default local group tacacs+
The above command will allow you to authenticate on the switch with both Local IOS credentials and TACACS+ credentials.
For your simulated downtime the IOS will not fall back to the local credentials, as the ACS is still able to reply with a Reject to the switch even when the AD is down.
The suggested command will allow you to access the IOS with Local or TACACS+ credentials.
Please rate if you find the provided information helpful.
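The method-list behaviour described in the reply above, modelled as an added example (not part of the original post and not Cisco code). It assumes the original configuration was `group tacacs+ local`, that a username missing from the local database counts as an error rather than a reject, and it uses constructed accounts.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"
    FAIL = "fail"    # the method answered with a reject: evaluation stops
    ERROR = "error"  # no answer from the method: the next one is tried

LOCAL_USERS = {"admin": "local-secret"}  # constructed local IOS database
AD_USERS = {"jdoe": "ad-secret"}         # constructed AD accounts behind the ACS

def local_method(user, password, env):
    if user not in LOCAL_USERS:
        return Result.ERROR  # assumption: unknown local user falls through
    return Result.PASS if LOCAL_USERS[user] == password else Result.FAIL

def tacacs_method(user, password, env):
    if not env["acs_up"]:
        return Result.ERROR  # timeout, the only case that triggers fallback
    if not env["ad_up"]:
        return Result.FAIL   # ACS is reachable and replies with a Reject
    return Result.PASS if AD_USERS.get(user) == password else Result.FAIL

METHODS = {"group tacacs+": tacacs_method, "local": local_method}
TACACS_FIRST = ["group tacacs+", "local"]  # assumed original method list
LOCAL_FIRST = ["local", "group tacacs+"]   # method list suggested in the reply

def login_ok(method_list, user, password, acs_up, ad_up):
    """Walk the method list; stop at the first PASS or FAIL."""
    env = {"acs_up": acs_up, "ad_up": ad_up}
    for name in method_list:
        result = METHODS[name](user, password, env)
        if result is not Result.ERROR:
            return result is Result.PASS
    return False  # every method errored out

if __name__ == "__main__":
    cases = [("ACS up, AD up", True, True),
             ("ACS up, AD down", True, False),
             ("ACS down", False, False)]
    for label, acs_up, ad_up in cases:
        for name, order in (("tacacs-first", TACACS_FIRST), ("local-first", LOCAL_FIRST)):
            ok = login_ok(order, "admin", "local-secret", acs_up, ad_up)
            print(f"{label:16} {name:13} local admin login: {ok}")
```

In this model the local account authenticates under `local group tacacs+` without the ACS being consulted at all, so that local credential needs the same protection as the centrally managed ones.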