Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

N1KV - radius aaa auth with local account fallback

Attempting to setup aaa authentication using Radius, withability to fall back to locally defined accounts.

configuration is;

aaa authentication login default group Radius_Auth none

With N1KV we are unable to add "local" as an option after a group, as we do with physical routers and switches.

If the login account is not part of the Radius aaa group, logins fail and the locally defined accounts are never used.

Are we missing something?

1 REPLY
New Member

Re: N1KV - radius aaa auth with local account fallback

Hi,

if not specified, local fallback for atuhentication is the default behavior on nexus 1000v (http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_3aaa.html#wp1174514)

However I'm quite sure local account database is queried only if radius servers are unreachable, so users not havign a radius account can't access as long as the radius servers are reachable by the switch.

Hope this helps,

Alberto

1146
Views
0
Helpful
1
Replies
CreatePlease to create content