Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

local authentication

Hi,

I want a back up login defined in case the authentiation server can't

be reached. I thought this command was working but today when

I went to roll out the config, I tested the username/password combo

and I failed to login to the switch.

Is this the correct command to enable tacacs+ with a

fallback to locallly defined username password?

aaa authentication login default group tacacs+ local

If this is correct, is there some internal mechinism that

says the login has to fail to the tacacs+ server before the

locally defined username/password will be used?

Thanks.

1 REPLY
New Member

Re: local authentication

Hi,

For Catalyst 6000 and 4000, Please use the following statements to override Authentication failure:

set authorization exec enable if-authenticated none console

set authorization exec enable if-authenticated none telnet

This will be your enable secret password that you've configured on your switch.

Hope this will help you resolve your issue.

Raj

NYC Department of Correction

134
Views
0
Helpful
1
Replies
CreatePlease login to create content