Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

TACACS+ & local account Concern

Hi,

Does the folllowing lines means that initially the authentication would be ACS-Server and incase ACS-Server is down then it would allow router-local username/password [[ Is this True ]]

aaa authentication ppp default group radius local

aaa authentication login default local

5 REPLIES

Re: TACACS+ & local account Concern

If you are doing PPP connection (Dial-up), then true.

If you are trying to log into device for management(telnet/ssh), then no, then following command will be evaluated,

aaa authentication login default local

i.e. only local database will be checked.

Regards,

Prem

Please rate if it helps!

New Member

Re: TACACS+ & local account Concern

thanks Prem for your reply.

I would be logging into device for management (telnet/ssh)

So whats required to fillfull my requirement...

Re: TACACS+ & local account Concern

If you are using radius as the protocol,

radius-server host key

aaa authentication login default group radius local

If using tacacs+ as the protocol,

tacacs-server host key

aaa authentication login default group tacacs+ local

ACS needs to be configured accordingly.

Regards,

Prem

Please rate if it helps!

New Member

Re: TACACS+ & local account Concern

Thanks Prem..

I need to understand if the ACS Box is not reachable then how could I authenticate based on the following commands -::-

tacacs-server host key

aaa authentication login default group tacacs+ local

Re: TACACS+ & local account Concern

Have a user on local device, something like,

username admin privilege 15 password pa55w0rd

Then when Tacacs server is not available, you can log into device using the above created user account on the device.

Regards,

Prem

Please rate if it helps!

130
Views
0
Helpful
5
Replies