Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Does UCS fallback to local authentication when TACACS fail?

I am considering configuring UCS to use TACACS but can't find any documentaion to suggest if the UCS would fallback

to Local when TACACS fail.  One would assume that it would so any link or pointers would be appreciated. Thank you.

4 REPLIES
Bronze

Re: Does UCS fallback to local authentication when TACACS fail?

No it doesn't, you won't be able to log on.  For this reason you should always configure Console access as Local as a safety net / fall back should TACACS fail.  THen at least you can console in, change the auth to Local and use local accounts.

So in effect, you have to "manually fall back to local" - it isn't automatic.

Cheers

Steve

New Member

Re: Does UCS fallback to local authentication when TACACS fail?

Oh, Thank you for the information. Since console acccess means command line only.

Am i right to suggest that one should know how to make changes and back out via command line

as the Web GUI won't be available when TACACS goes down?

New Member

Does UCS fallback to local authentication when TACACS fail?

I read this post and thought fallback was not supported but have since found out that Steve was incorrect in his statement.

If you look at the user guide you will see that it states:

"If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password."

Upon testing indeed fallback works properly.

New Member

Does UCS fallback to local authentication when TACACS fail?

Adding on Tims post.  This behaviour is documented here:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/UCSM_CLI_Configuration_Guide_2_0_chapter7.html#d15831e2899_navtitle

Provider Groups

A provider group is a set of providers that will be used by Cisco UCS during the authentication process. Cisco UCS Manager allows you to create a maximum of 16 provider groups, with a maximum of eight providers allowed per group.

During authentication, all the providers within a provider group are tried in order. If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password.

2797
Views
1
Helpful
4
Replies