Community Member

tacacs+ local logins

Can somebody point me to a config guide for setting up tacacs authentication with failover to local login if tacs fails???

thanks...

bruce

3 REPLIES

Re: tacacs+ local logins

Hi Bruce,

The config may be similar to the following:

aaa new-model

aaa authentication login default group tacacs+ local

tacacs-server host 10.10.10.10

tacacs-server key YYYYYYYYY

username TESTUSER privilege x password ZZZZZZZZZ

This implements the failover scenario you requested.

If the communication with the tacacs-server fails, then the local user database will be used for authentication.

The "aaa authentication login default group tacacs+ local" command takes effect on all lines by default, including the console line.

If you want to implement this on select lines only, then you have to create a named authentication method:

aaa authentication login TEST group tacacs+ local

line vty 0 4

login authentication TEST

In this case, the authentication method will take effect on the vty lines 0 to 4 only.

Cheers:

Istvan
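
An added example, not part of the reply above and not Cisco's own code: a small Python check over IOS-style config text that maps each line to its login method list and flags lists that use tacacs+ without the local fallback described above. The sample config and the function name audit_login_fallback are constructed for illustration.

```python
import re

# Constructed sample config modelled on the commands in the reply (not from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login TEST group tacacs+
tacacs-server host 10.10.10.10
username TESTUSER privilege 15 password ZZZZZZZZZ
line con 0
line vty 0 4
 login authentication TEST
"""

def audit_login_fallback(config):
    """Return ({line: method list name}, [findings]) for IOS-style config text."""
    methods, line_lists = {}, {}
    has_local_user, current_line = False, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            methods[m.group(1)] = m.group(2).split()
        if text.startswith("username "):
            has_local_user = True
        if not raw.startswith(" "):
            # Top-level command: either opens a "line ..." block or closes the last one.
            current_line = text[5:] if text.startswith("line ") else None
            if current_line:
                line_lists[current_line] = "default"  # lines use "default" unless overridden
        elif current_line:
            m = re.match(r"login authentication (\S+)", text)
            if m:
                line_lists[current_line] = m.group(1)
    findings = []
    for name, seq in methods.items():
        if "tacacs+" in seq and "local" not in seq:
            findings.append(f"list {name}: tacacs+ with no local fallback")
        if "local" in seq and not has_local_user:
            findings.append(f"list {name}: local fallback but no username configured")
    for line, name in line_lists.items():
        if name != "default" and name not in methods:
            findings.append(f"line {line}: method list {name} is not defined")
    return line_lists, findings

if __name__ == "__main__":
    lines, findings = audit_login_fallback(SAMPLE_CONFIG)
    print(lines, findings, sep="\n")
```
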

Community Member

Re: tacacs+ local logins

Thanks Istvan

appreciate the information...I was hoping to read a bit about the configuration...I'll test this config you provided in my test bed...

Thanks again.

Hall of Fame Super Gold

Re: tacacs+ local logins
