Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Local authorization configuration

I have our ASA's authenticating against ACS (tacacs+) and using ACS authorization which all works, but when the ACS server is unavailable I can log in using local authentication but I have no authorization rights. Is there a way to grant full authorization rights to the local user if ACS is unavailable?

I am using

aaa authentication ssh console <tacacs> LOCAL

aaa authorization ssh console <tacacs> LOCAL

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Local authorization configuration

Hi,

You should have a local user on the ASA with privilege 15

You can add local user like this:

(config)#username password privilege 15

so this user account will have full access when your tacacs goes down.

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
2 REPLIES
Cisco Employee

Re: Local authorization configuration

Hi,

You should have a local user on the ASA with privilege 15

You can add local user like this:

(config)#username password privilege 15

so this user account will have full access when your tacacs goes down.

HTH

JK

Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
New Member

Re: Local authorization configuration

Yea I did have that user.. it was becuase I had not fully logged out after applying the commands.. all okay now.. thanks

203
Views
5
Helpful
2
Replies
CreatePlease to create content