Cisco Support Community

ACS 5.0.0.21 Appliance

Hi,

I am using an ACS 5.0.0.21 appliance. I have configured the network device and am using the ACS local database for authentication. It is working fine.

Now I need that, if ACS fails or the client is not able to communicate with ACS, I should be able to log in to the device using the device's local credentials. Is this possible?

Thanks in advance.

Ghanshyam Saini

3 REPLIES

Re: ACS 5.0.0.21 Appliance

Yes, this can be done. Just create local users on the device, e.g.:

username JainCisco privilege 15 password VeRYS$Cure

Then modify your current AAA authentication method list as follows:

aaa authentication login default group tacacs+ local-case

Now whenever the TACACS server is down, the local database will be queried for authentication.

Regards

Farrukh

P.S. If you have other lists configured for ACS, then you need to edit them as well (e.g. enable authentication, or authorization for exec, etc.)
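The check described in the reply above and its P.S., written as an added example that is not part of the original posts: a short Python audit that reads a saved IOS configuration and reports every AAA method list that relies on a server group with no method to fall back on. The function name, the sample configuration and the whitespace-token parsing are assumptions made for this illustration.

```python
# Methods that need no AAA server, so they still answer when ACS is unreachable.
LOCAL_METHODS = {"local", "local-case", "enable", "line", "if-authenticated"}


def audit_aaa_fallback(config):
    """Return findings for AAA method lists that depend on a server group only."""
    findings = []
    uses_local = False
    has_local_user = False
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:1] == ["username"]:
            has_local_user = True
            continue
        if len(tokens) < 2 or tokens[0] != "aaa":
            continue
        if tokens[1] not in ("authentication", "authorization"):
            continue
        if "group" not in tokens:
            continue
        # Everything after the first "group <name>" pair is a later method.
        later = tokens[tokens.index("group") + 2:]
        if "none" in later:
            findings.append(f"falls back to no check at all: {raw.strip()}")
        elif not LOCAL_METHODS.intersection(later):
            findings.append(f"no fallback if the server is down: {raw.strip()}")
        if {"local", "local-case"}.intersection(later):
            uses_local = True
    if uses_local and not has_local_user:
        findings.append("local fallback configured but no local username defined")
    return findings


# Constructed sample configuration (not taken from the thread).
SAMPLE = """\
username fallbackadmin privilege 15 secret <placeholder>
aaa new-model
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+
aaa authorization exec default group tacacs+
aaa authorization commands 15 default group tacacs+ local
"""

if __name__ == "__main__":
    for finding in audit_aaa_fallback(SAMPLE):
        print(finding)
```

On the sample, the login list passes, while the enable and exec authorization lists are reported because they name only the TACACS+ group.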

Re: ACS 5.0.0.21 Appliance

Thanks a ton! It works. I need one more bit of help: I have created a group (and users in it) with level 7 access in that group's shell profile, but they are not able to use sh run etc. commands on the devices... any clue?

Re: ACS 5.0.0.21 Appliance

Please have a look at this document:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml

If the above document does not solve the issue, post the AAA commands configured on the device ("show run | inc aaa|tacacs"), and if possible a screenshot of the command author. set in ACS.

Regards

Farrukh
