TACACS+ and Local Authentication Simultaneously

scott3560 — Mon, 11 Mar 2019 00:24:03 GMT

Is there any way that authentication can be configured to use TACACS+ and local authentication simultaneously. For example, most users will have user profiles and will be authenticated using a TACACS server, but a few accounts will be configured locally on the Cisco device. I have used the following two configurations:

aaa authentication login default group tacacs+ local

(This configuration only goes to the local database if communication with the TACACS server fails completely)

aaa authentication login default local group tacacs+

(This configuration only checks the local database and never goes to the TACACS server)

I have not been able to find a configuration that will use TACACS and local authentication simultaneously

Re: TACACS+ and Local Authentication Simultaneously

Panos Kampanakis — Mon, 13 Sep 2010 18:34:04 GMT

You cannot do what you are trying to do. For (default login you need to use the first policy matched.

you can diversify telnet/ssh with http by creating different aaa groups.

But still you will be loging in for telnet users (all of them) using one method.

I hope it is clear.

topic Re: TACACS+ and Local Authentication Simultaneously in Network Access Control

TACACS+ and Local Authentication Simultaneously

Re: TACACS+ and Local Authentication Simultaneously