
local Authentication fails

Lance Wendel
Level 1

Hi all,

I have a strange situation: when you try to authenticate with the local username and password, the switch keeps bouncing back for username and password, though I have given the correct information.

*****************************************************

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ none

aaa authorization exec no_tac none

aaa authorization commands 15 default group tacacs+ none

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

*************************************************************************

Based on the

aaa authentication login default group tacacs+ local

if you fail to authenticate with the ACS server, the router/switch will look for local authentication, correct.

I have created a user and a password locally on the device. When I try to enter the local username/pass, the switch keeps bouncing back for username and password.

kindly help please

thanks in advance

Lance

2 Replies

Eduardo Aliaga
Level 4

If you fail to authenticate with ACS server then ACS will tell the device to deny access to that particular user. The device won't look for local authentication.

The only way it will look for local authentication is if ACS is not responding at all.
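The fallback rule described in the reply above, as an added example that is not part of the thread and is not Cisco code: a simplified Python model of how a login method list is walked, where a method that answers with a rejection is final and only a method that gives no answer hands over to the next one. The credentials, the `tacacs_reply` parameter and the function names are constructed for illustration.

```python
# Simplified model of IOS login method-list evaluation (illustrative, not Cisco code).
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method accepted the credentials
    FAIL = "fail"    # method answered and rejected them: evaluation stops
    ERROR = "error"  # method gave no answer (e.g. server unreachable): try next

def parse_method_list(line):
    """Return the ordered methods from an 'aaa authentication login' line."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an aaa authentication login line")
    methods, rest, i = [], tokens[4:], 0    # tokens[3] is the list name
    while i < len(rest):
        if rest[i] == "group":              # 'group tacacs+' is one method
            if i + 1 >= len(rest):
                raise ValueError("'group' without a server group name")
            methods.append("group " + rest[i + 1])
            i += 2
        else:
            methods.append(rest[i])
            i += 1
    return methods

def authenticate(methods, user, password, tacacs_reply, local_users):
    """Walk the list; return (final result, methods actually consulted)."""
    tried = []
    for method in methods:
        tried.append(method)
        if method == "group tacacs+":
            result = tacacs_reply           # constructed stand-in for the server's answer
        elif method == "local":
            ok = user in local_users and local_users[user] == password
            result = Result.PASS if ok else Result.FAIL
        elif method == "none":
            result = Result.PASS            # 'none' lets everyone in
        else:
            result = Result.ERROR           # method not modelled here
        if result is not Result.ERROR:      # PASS or FAIL is final
            return result, tried
    return Result.FAIL, tried               # every method errored: deny

# The login line from the post; the local account below is a constructed sample.
METHODS = parse_method_list("aaa authentication login default group tacacs+ local")
LOCAL_USERS = {"localadmin": "s3cret"}

if __name__ == "__main__":
    for reply in (Result.FAIL, Result.ERROR):
        print(reply.name, authenticate(METHODS, "localadmin", "s3cret", reply, LOCAL_USERS))
```
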

Hi Eduardo

Thanks for the reply. I understand what you say, but even when the ACS server is not responding this fails.

What we did: we took another switch and configured it the same way as the failing device.

Then we placed a firewall between the switch and the ACS server and blocked any request from the switch going to the ACS server. We could see the firewall dropping the requests sent by the switch to the ACS.

However, the switch is not falling back to local authentication.

When we provide the local username/pass it just keeps on asking for username and password.

The IOS is 12.2(33)SXI3 (s72033_rp-ADVIPSERVICESK9_WAN-VM); could not find any bugs related to this issue.

Thank you for the support

Lancellot