Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

How to configure routers for local authentication in the absence of AAA servers

Core issue

Set up the router in such a way so that it can failback to local accounts if the radius is unavailable.


These are the commands that can be configured on the router in order to achieve this functionality:

Router(config)#username [username] password [password]
tacacs-server host [ip]
tacacs-server key [key]
aaa new-model
Router(config)#aaa authentication login default group tacacs+ local

Router(config)#aaa authorization exec default group tacacs+ if-authenticated

Router(config)#aaa accounting commands 1 default start-stop group tacacs+
Router(config)#aaa accounting commands 15 default start-stop group tacacs+

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 03:39 PM
Updated by:
Labels (1)
Everyone's tags (3)