https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373828#M118979 <HTML><HEAD></HEAD><BODY><P>Ismail,</P><P></P><P>This is your answer:</P><P>aaa authentication login default local group radius/tacacs</P><P></P><P><SPAN class="active_link">Parthapratim</SPAN> - A little correction,it will go to radius or tacacs + if the user is not present locally.</P><P></P><P>The local DB differs in the way fallback works which is the exception.</P><P></P><P>**Share your knowledge. It’s a way to achieve immortality. <BR />--Dalai Lama** <BR /> <BR />Please Rate if helpful. <BR />Regards <BR />Ed</P></BODY></HTML> Mon, 09 Dec 2013 11:02:17 GMT edwjames 2013-12-09T11:02:17Z https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373826#M118977 <P>Hi,</P><P></P><P>I already have AAA authentication setup on my switch. And I can use local users to login when the AAA server is unreachable.</P><P>But I want to know if it is possible to use local users even when the AAA server is reachable. Something like first it checks the local users databse and if the user does not exists then fallback to AAA or vice versa.</P><P></P><P>Thanks.</P> Mon, 11 Mar 2019 04:10:03 GMT https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373826#M118977 ismailfayaz 2019-03-11T04:10:03Z https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373827#M118978 <HTML><HEAD></HEAD><BODY><P>Ismail, the authentication method you define act as a service. So only when the service is not avilable the method fallback to the next methond you define. </P><P></P><P>So in your case if the user account is not present in the local data base it will not fallback to aaa server.</P><P>aaa authentication login default local group radius </P><P></P><P> The same holds true if the user account is not there in the aaa server</P><P> aaa authentication login default group radius local</P><PRE><BR /></PRE><P> Only when the aaa server is not responding (service downe or not reachable) it will fallback to the local database. </P><P></P><P>Hope this helps!</P></BODY></HTML> Mon, 09 Dec 2013 05:28:25 GMT https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373827#M118978 parsahoo 2013-12-09T05:28:25Z https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373828#M118979 <HTML><HEAD></HEAD><BODY><P>Ismail,</P><P></P><P>This is your answer:</P><P>aaa authentication login default local group radius/tacacs</P><P></P><P><SPAN class="active_link">Parthapratim</SPAN> - A little correction,it will go to radius or tacacs + if the user is not present locally.</P><P></P><P>The local DB differs in the way fallback works which is the exception.</P><P></P><P>**Share your knowledge. It’s a way to achieve immortality. <BR />--Dalai Lama** <BR /> <BR />Please Rate if helpful. <BR />Regards <BR />Ed</P></BODY></HTML> Mon, 09 Dec 2013 11:02:17 GMT https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373828#M118979 edwjames 2013-12-09T11:02:17Z https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373829#M118980 <HTML><HEAD></HEAD><BODY><P>Edward,</P><P></P><P>Thanks for your reply.</P><P>It works perfectly.</P></BODY></HTML> Mon, 09 Dec 2013 11:49:22 GMT https://community.cisco.com/t5/network-access-control/aaa-and-local-user-authentication/m-p/2373829#M118980 ismailfayaz 2013-12-09T11:49:22Z