topic Re: AAA config for PIX in Network Access Control https://community.cisco.com/t5/network-access-control/aaa-config-for-pix/m-p/423494#M429178 <HTML><HEAD></HEAD><BODY><P>You can add a command like this</P><P></P><P>aaa authentication login default tacacs local</P><P></P><P>aaa authentication login CONSOLE local </P><P></P><P>So if Tacacs fail local will take over.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#login_auth" target="_blank">http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#login_auth</A></P></BODY></HTML> Thu, 12 May 2005 14:16:40 GMT ebreniz 2005-05-12T14:16:40Z AAA config for PIX https://community.cisco.com/t5/network-access-control/aaa-config-for-pix/m-p/423493#M429175 <P>Hello folks!!!</P><P></P><P>In my PIX 515E I hv configured AAA configuration(tacacs+) &amp; hv also configured serial console authentication as "local" &amp; telnet console authentication from tacacs+ server.Apart from this I hv also configured authorization as "tacacs+" server.Now if AAA server is not available Iam able to go in to user mode with the "enable pwd" set in PIX but if I try to go into enable mode it gives error msg "AAA command authorization failed" since it looks for AAA server for authorization &amp; that is not available.Is there a way by which I can overcome this by configuring "local" authorization as a fallback incase the AAA server is not available </P><P></P><P>Cheers</P><P>SS</P> Sun, 10 Mar 2019 21:08:48 GMT https://community.cisco.com/t5/network-access-control/aaa-config-for-pix/m-p/423493#M429175 sikkander 2019-03-10T21:08:48Z Re: AAA config for PIX https://community.cisco.com/t5/network-access-control/aaa-config-for-pix/m-p/423494#M429178 <HTML><HEAD></HEAD><BODY><P>You can add a command like this</P><P></P><P>aaa authentication login default tacacs local</P><P></P><P>aaa authentication login CONSOLE local </P><P></P><P>So if Tacacs fail local will take over.</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#login_auth" target="_blank">http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml#login_auth</A></P></BODY></HTML> Thu, 12 May 2005 14:16:40 GMT https://community.cisco.com/t5/network-access-control/aaa-config-for-pix/m-p/423494#M429178 ebreniz 2005-05-12T14:16:40Z