Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Does UCS fallback to local authentication when TACACS fail?

I am considering configuring UCS to use TACACS but can't find any documentaion to suggest if the UCS would fallback

to Local when TACACS fail.  One would assume that it would so any link or pointers would be appreciated. Thank you.

4 REPLIES
Bronze

Re: Does UCS fallback to local authentication when TACACS fail?

No it doesn't, you won't be able to log on.  For this reason you should always configure Console access as Local as a safety net / fall back should TACACS fail.  THen at least you can console in, change the auth to Local and use local accounts.

So in effect, you have to "manually fall back to local" - it isn't automatic.

Cheers

Steve

Community Member

Re: Does UCS fallback to local authentication when TACACS fail?

Oh, Thank you for the information. Since console acccess means command line only.

Am i right to suggest that one should know how to make changes and back out via command line

as the Web GUI won't be available when TACACS goes down?

Community Member

Does UCS fallback to local authentication when TACACS fail?

I read this post and thought fallback was not supported but have since found out that Steve was incorrect in his statement.

If you look at the user guide you will see that it states:

"If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password."

Upon testing indeed fallback works properly.

Cisco Employee

Does UCS fallback to local authentication when TACACS fail?

Adding on Tims post.  This behaviour is documented here:

http://www.cisco.com/en/US/docs/unified_computing/ucs/sw/cli/config/guide/2.0/UCSM_CLI_Configuration_Guide_2_0_chapter7.html#d15831e2899_navtitle

Provider Groups

A provider group is a set of providers that will be used by Cisco UCS during the authentication process. Cisco UCS Manager allows you to create a maximum of 16 provider groups, with a maximum of eight providers allowed per group.

During authentication, all the providers within a provider group are tried in order. If all of the configured servers are unavailable or unreachable, Cisco UCS Manager automatically falls back to the local authentication method using the local username and password.

2862
Views
1
Helpful
4
Replies
CreatePlease to create content