
Configuring AAA with backup line and enable

dkorell
Level 1

I have AAA pointing to ACS 3.1 and it works fine. In case it's ever down, I want to use the line and enable passwords as a backup. I think I have it working properly, but if someone else is using this method, can you confirm I have this right:

aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

The authorization with "if-authenticated" is the only way I can figure out how to allow exec privileges if I have to use the line and enable passwords. Otherwise it gives me an authorization failed error after trying to authenticate.


gfullage
Cisco Employee

This looks fine. Instead of "if-authenticated" you could use "none" so that there'll be no authorization done if the TACACS server is not available. Either one will work for you.

That will work. Thanks for the response.
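Added example, not part of the thread: a Python check that reads `aaa authentication` and `aaa authorization` method lists and reports any list with no method the device can evaluate itself once the TACACS+ server stops answering, which is the case the `if-authenticated` / `none` discussion above is about. The function names, the issue labels and the second configuration are constructed for illustration; IOS tries the next method in a list only when the previous one returns an error, not when it rejects the user.

```python
import re

# Methods IOS can evaluate on the device itself, without reaching the AAA server.
ON_BOX = {"line", "enable", "local", "local-case", "none", "if-authenticated"}
AAA_RE = re.compile(
    r"^aaa\s+(authentication|authorization)\s+(\S+)(?:\s+(\d+))?\s+(\S+)\s+(.+)$")

def parse_method_lists(config):
    """Yield (kind, service, list_name, methods) per authentication/authorization line."""
    for raw in config.splitlines():
        m = AAA_RE.match(raw.strip())
        if not m:
            continue  # "aaa new-model", accounting lines, unrelated config
        kind, service, _level, name, rest = m.groups()
        tokens, methods = rest.split(), []
        while tokens:
            tok = tokens.pop(0)
            # "group tacacs+" is one method written as two tokens
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        yield kind, service, name, methods

def audit(config):
    """Return findings as (kind, service, list_name, issue) tuples, in config order."""
    findings = []
    for kind, service, name, methods in parse_method_lists(config):
        if not any(m in ON_BOX for m in methods):
            # Server unreachable: the list ends in an error. For "authorization exec"
            # this is the "authorization failed" symptom described in the post.
            findings.append((kind, service, name, "no-fallback"))
        elif kind == "authentication" and "none" in methods:
            # Server unreachable: access is granted with no password at all.
            findings.append((kind, service, name, "none-fallback"))
    return findings

# The authentication/authorization lines from the post.
PAGE_CONFIG = """aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
"""
# Constructed variant: password-less login fallback, exec authorization with no fallback.
CONSTRUCTED_CONFIG = """aaa new-model
aaa authentication login default group tacacs+ none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+
"""

if __name__ == "__main__":
    for label, cfg in (("post", PAGE_CONFIG), ("constructed", CONSTRUCTED_CONFIG)):
        print(label, audit(cfg) or "every list has an on-box fallback")
```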