If possible, I have a router configured to authenticate all incomming dialin users to authenticate against an RSA Server running SecureID, this is working fine. What I want to do is have one user authenticate against the local database, so can I have some users authenticate with an external database and others with the local database. Or is either one or the other.
1/ Make a new group and place the user in the this group. The user can authenticate against the local database. The other users are authenticate against the RSA database.
2/ If all users are in the same group than the user properties can be changed for that user. Select for that user to authenticate against the local database.
If the user makes a connection the router send it to the ACS server and the server check the properties of the user. For this user it has to ask it's local database.
I always use this for testing. I create a user for testing (authenticate against the RSA database) and one user for local database. Now I can see if my router is configurred correctly and were the problem exsists if I can't loggin.
Thanks for that reply, but its not exactly what Im looking for. What I think that you are suggestion is that I create another group within the ACS Server and authenticate them on the local database.
What I want to do is authenticate them against the local router database (Have the router authenticate them against locally configured usernames and passwords) only one user and have the rest sent of for Radius Authentication.
So if I dial in as user A I get authenticated locally, and if I dial in as user B I get authenticated against Radius.
No you can't do this. You can have the local database as a backup for the Radius database in case Radius is not available, but there's no way to say that user x is local whereas users y and z are on the Radius server.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...