Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

Secure ACS 4.0 / local authentication

Hey all,

I'm sure this is a very simple problem but I can't seem to get local authentication done as a second choice on any device if I use radius. It works if I use tacacs+. The lines I have set in AAA are:

aaa authentication login default group cwtest001 local-case

aaa authentication dot1x default group cwtest001 none

aaa authorization config-commands

aaa authorization exec default group cwtest001 local

aaa authorization network default group cwtest001

aaa accounting auth-proxy default start-stop group tacacs+

where cwtest001 has been defined.

This line in question:

aaa authentication login default group cwtest001 local-case

I have tried every variation I can think of (I think). From SecureACS side, the device is set to use Radius IETF as authentication. I can log into the device without a problem using network credentials but in case this server goes down, I want the ability to use a local account on the device as backup.

Any help is appreciated.



Re: Secure ACS 4.0 / local authentication

You have set the authentication to Local. Are you sure, you have the user name and password configured in the local database?. Because, you might have mistakenly missed out that information to be added.


Re: Secure ACS 4.0 / local authentication

For Cisco APs, set the ACS up for Cisco Wireless.

If you're not GUI-phobic, set up the RADIUS server/local auth according to their preferred order in the WebGUI on the security page.

How many users/userids do you have?

The local RADIUS / user base can only handle ~50 entities (and I think that's a hard-limited count).

Good Luck


CreatePlease to create content