Re: Authentication backup to AAA

rogel.martinez · ‎03-18-2004

Is there a configuration to have a backup authentication for the enable mode for the PIX 501. I currently have a 501 configured to authenticate to a AAA server, but want to have a backup like a local authentication, in case the connection is lost, any help is much appreciated, thanks

drolemc · ‎03-24-2004

I do not think that there is a backup method available for enable mode authentication. However, backup in certain cases is possible such as for ssh, where the username pix and the enable password can be used in case AAA server is doen. For more information, you could refer to http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a0080104239.html#1025384

stevep · ‎03-24-2004

Yes there is. Create a username with the relevant privilege level, define your aaa-server then issue the following command:

aaa authentication enable console (server_tag) LOCAL

If your AAA server cannot be contacted within the default timeout of 5 seconds then the local database will be consulted. Remember that the keyword local when issued in this configuration MUST be configured in upper case as shown above.

Good Luck

stevep · ‎03-26-2004

Sorry Rogel,

Ignore my previous comment as I just tried it and it doesn't work. I am attending CSPFA course next week so I shall ask as to whether Cisco are planning on implementing the DEFAULT cmd as in IOS for use in AAA.