Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

TACACS+ and Local Authentication Simultaneously

Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously.  For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device.  I have used the following two configurations:

aaa authentication login default group tacacs+ local

(This configuration only goes to the local database if communication with the TACACS server fails completely)

aaa authentication login default local group tacacs+

(This configuration only checks the local database and never goes to the TACACS server)

I have not been able to find a configuration that will use TACACS and local authentication simultaneously

Cisco Employee

Re: TACACS+ and Local Authentication Simultaneously

You cannot do what you are trying to do. For (default login you need to use the first policy matched.

you can diversify telnet/ssh with http by  creating different aaa groups.

But still you will be loging in for telnet users (all of them) using one method.

I hope it is clear.