Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS AAA and LOCAL AAA database...


We have implimented an 5520 device and configured it for ACS successfully. I want to also have a local database with a few accounts in the event our ACS server went down. I am having trouble finding documentation for the syntax I need to enter on this 5520 device configuration so I can have redundacy for AAA...can some help with this? TIA, Gary

Cisco Employee

Re: ACS AAA and LOCAL AAA database...

following command will help

aaa authentication ssh console server_group Local

So if AAA server is not available it will fallback to local database.

Following link can give more details:


New Member

Re: ACS AAA and LOCAL AAA database...

Thank so much for information. I printed out the pdf. I am having an issue figuring out the syntax to create a server_group? I have look at the command lines but have not be successful. Can you advise on how to give the device a server group name? TIA, Gary

Cisco Employee

Re: ACS AAA and LOCAL AAA database...

Can configure server group by following commands:

aaa-server server_group protocol {kerberos | ldap | nt | radius | sdi | tacacs+}

aaa-server server_group (interface_name) host server_ip

See the following link:


Re: ACS AAA and LOCAL AAA database...

Hi ,

Check this example

aaa-server SERVER protocol tacacs+

aaa-server SERVER host

key $har3dK3y

This command applies the server group to the vty or

console lines:


aaa authentication ssh console SERVER LOCAL <---

For SSH sessions

aaa authentication serial console SERVER LOCAL

<--- For console access

Hope that helps



Please rate helpful posts