Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can tacacs be configured as fallback to LOCAL in aaa

I would like to know if it is possible to configure LOCAL database as the primary login method when the user account is not available in the database it could try authenticating with the Tacacs? if so what is command.

This is required on PIX 6.3

Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Can tacacs be configured as fallback to LOCAL in aaa

If the user is not found, authentication simply fails and doesn't fall back to the next method... fallback is for when the authentication method does not receive a reply from the server (usually for RADIUS/TACACS not responding then try LOCAL; not the other way around)

Patrick

Can tacacs be configured as fallback to LOCAL in aaa

Hello,

Just do add.

Here is the example:

pixfirewall(config)# aaa authentication ssh console LOCAL ?

configure mode commands/options:

 

When using the local database as the first option, no other option available

But when using any other database

pixfirewall(config)# aaa authentication ssh console RADIUS ?

configure mode commands/options:

  LOCAL  If all servers in the server group have been deactivated,

         authentication will be done against the local database

So I think that answers your question right?

Regards

Jcarvaja

follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
3 REPLIES

Can tacacs be configured as fallback to LOCAL in aaa

If the user is not found, authentication simply fails and doesn't fall back to the next method... fallback is for when the authentication method does not receive a reply from the server (usually for RADIUS/TACACS not responding then try LOCAL; not the other way around)

Patrick

Can tacacs be configured as fallback to LOCAL in aaa

Hello,

Just do add.

Here is the example:

pixfirewall(config)# aaa authentication ssh console LOCAL ?

configure mode commands/options:

 

When using the local database as the first option, no other option available

But when using any other database

pixfirewall(config)# aaa authentication ssh console RADIUS ?

configure mode commands/options:

  LOCAL  If all servers in the server group have been deactivated,

         authentication will be done against the local database

So I think that answers your question right?

Regards

Jcarvaja

follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

Can tacacs be configured as fallback to LOCAL in aaa

Thanks for the responses, i got it sorted for the internal.

497
Views
0
Helpful
3
Replies
CreatePlease to create content