topic AAA authentication local failover in Network Access Control https://community.cisco.com/t5/network-access-control/aaa-authentication-local-failover/m-p/1859339#M204001 <P>Hi </P><P></P><P>We have following configuration for aaa on L3 switch</P><P></P><P>CASE 1</P><P></P><P>aaa authentication login default group radius local</P><P>aaa authentication enable default enable</P><P>aaa authorization exec default group radius if-authenticated </P><P>aaa authorization commands 15 default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P></P><P>radius-server host ******* auth-port 1645 acct-port 1813</P><P>radius-server key ************</P><P></P><P>line vty 0 4</P><P> access-class acl-VTY in</P><P> exec-timeout 9 30</P><P> password 7 ********</P><P> transport input ssh</P><P></P><P></P><P>username cisco password **********</P><P>enable secret *********</P><P></P><P>In this configuration in order to test the local user (cisco) a radius server key was removed. </P><P>Even then local user was not able to login to the router. No idea why?</P><P>One point is we dont have authorization and accounting configured on the RADIUS does this cause the problem?</P><P></P><P>==================================================================================</P><P></P><P>CASE 2: ( router 2 )</P><P></P><P>aaa authentication login default group radius local</P><P>aaa authentication enable default enable</P><P>aaa authorization exec default group radius if-authenticated </P><P></P><P></P><P>radius-server host ******* auth-port 1645 acct-port 1813</P><P>radius-server key ************</P><P></P><P>line vty 0 4</P><P> access-class acl-VTY in</P><P> exec-timeout 9 30</P><P> password 7 ********</P><P> transport input ssh</P><P></P><P></P><P>username cisco password **********</P><P>enable secret *********</P><P></P><P></P><P>No authorization / accounting commands configured. Here local user authentication works after removing the RADIUS key.</P><P></P><P>Please share the experience.</P><P></P><P>Thanks</P><P>Subodh </P> Mon, 11 Mar 2019 01:47:16 GMT bapatsubodh 2019-03-11T01:47:16Z AAA authentication local failover https://community.cisco.com/t5/network-access-control/aaa-authentication-local-failover/m-p/1859339#M204001 <P>Hi </P><P></P><P>We have following configuration for aaa on L3 switch</P><P></P><P>CASE 1</P><P></P><P>aaa authentication login default group radius local</P><P>aaa authentication enable default enable</P><P>aaa authorization exec default group radius if-authenticated </P><P>aaa authorization commands 15 default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P></P><P>radius-server host ******* auth-port 1645 acct-port 1813</P><P>radius-server key ************</P><P></P><P>line vty 0 4</P><P> access-class acl-VTY in</P><P> exec-timeout 9 30</P><P> password 7 ********</P><P> transport input ssh</P><P></P><P></P><P>username cisco password **********</P><P>enable secret *********</P><P></P><P>In this configuration in order to test the local user (cisco) a radius server key was removed. </P><P>Even then local user was not able to login to the router. No idea why?</P><P>One point is we dont have authorization and accounting configured on the RADIUS does this cause the problem?</P><P></P><P>==================================================================================</P><P></P><P>CASE 2: ( router 2 )</P><P></P><P>aaa authentication login default group radius local</P><P>aaa authentication enable default enable</P><P>aaa authorization exec default group radius if-authenticated </P><P></P><P></P><P>radius-server host ******* auth-port 1645 acct-port 1813</P><P>radius-server key ************</P><P></P><P>line vty 0 4</P><P> access-class acl-VTY in</P><P> exec-timeout 9 30</P><P> password 7 ********</P><P> transport input ssh</P><P></P><P></P><P>username cisco password **********</P><P>enable secret *********</P><P></P><P></P><P>No authorization / accounting commands configured. Here local user authentication works after removing the RADIUS key.</P><P></P><P>Please share the experience.</P><P></P><P>Thanks</P><P>Subodh </P> Mon, 11 Mar 2019 01:47:16 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-local-failover/m-p/1859339#M204001 bapatsubodh 2019-03-11T01:47:16Z