08-01-2007 07:26 AM - edited 03-10-2019 03:18 PM
Hello,
We have implemented a 5520 device and configured it for ACS successfully. I want to also have a local database with a few accounts in the event our ACS server went down. I am having trouble finding documentation for the syntax I need to enter on this 5520 device configuration so I can have redundancy for AAA... can someone help with this? TIA, Gary
08-01-2007 08:49 AM
The following command will help:
aaa authentication ssh console server_group LOCAL
So if the AAA server is not available, it will fall back to the local database.
The following link gives more details:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042026
~Rohit
08-01-2007 11:06 AM
Thanks so much for the information. I printed out the PDF. I am having an issue figuring out the syntax to create a server_group. I have looked at the command lines but have not been successful. Can you advise on how to give the device a server group name? TIA, Gary
08-01-2007 11:19 AM
You can configure a server group with the following commands:
aaa-server server_group protocol {kerberos | ldap | nt | radius | sdi | tacacs+}
aaa-server server_group (interface_name) host server_ip
See the following link:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/aaa.html#wp1039757
~Rohit
08-02-2007 09:51 AM
Hi,
Check this example:
aaa-server SERVER protocol tacacs+
aaa-server SERVER host 1.1.1.1
 key $har3dK3y
This command applies the server group to the vty or console lines:
aaa authentication ssh console SERVER LOCAL <--- For SSH sessions
aaa authentication serial console SERVER LOCAL <--- For console access
Hope that helps
Regards,
JG~
Please rate helpful posts
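Added example, not part of any post in this thread: a Python check that reads an ASA configuration and flags console authentication lines with no LOCAL fallback, a fallback keyword that is not the uppercase LOCAL, an undefined server group, or LOCAL with no username account to authenticate against. The sample configuration, the backupadmin account and the finding names are constructed for illustration.

```python
import re

# Constructed sample config for illustration; key and password are placeholders.
SAMPLE_CONFIG = """\
aaa-server SERVER protocol tacacs+
aaa-server SERVER host 1.1.1.1
 key <placeholder-key>
username backupadmin password <placeholder-password> privilege 15
aaa authentication ssh console SERVER LOCAL
aaa authentication serial console SERVER
aaa authentication http console SERVER Local
aaa authentication telnet console MISSING LOCAL
"""

AUTH_RE = re.compile(r"^aaa authentication (\S+) console (\S+)(?:\s+(\S+))?\s*$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol \S+")
USER_RE = re.compile(r"^username (\S+) ")


def audit_fallback(config):
    """Return (access_method, finding) pairs for console authentication lines."""
    lines = config.splitlines()
    groups = {m.group(1) for m in map(GROUP_RE.match, lines) if m}
    has_user = any(USER_RE.match(ln) for ln in lines)
    findings = []
    for m in filter(None, map(AUTH_RE.match, lines)):
        method, primary, fallback = m.groups()
        uses_local = "LOCAL" in (primary, fallback)
        if primary != "LOCAL":
            if primary not in groups:
                findings.append((method, "undefined-group"))
            if fallback is None:
                # No fallback: administrators are locked out if the servers are down.
                findings.append((method, "no-fallback"))
            elif fallback != "LOCAL":
                # The LOCAL keyword is case-sensitive on the ASA.
                findings.append((method, "fallback-not-LOCAL"))
        if uses_local and not has_user:
            # LOCAL is referenced but the local database has no accounts.
            findings.append((method, "no-local-user"))
    return findings


if __name__ == "__main__":
    for method, finding in audit_fallback(SAMPLE_CONFIG):
        print(f"{method}: {finding}")
```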