topic PIX authentication using Tacacs ( ACS) in Network Access Control https://community.cisco.com/t5/network-access-control/pix-authentication-using-tacacs-acs/m-p/416800#M5853 <P>I have configured my pix to authentication using tacacs first; if tacacs is not available it must fall back to LOCAL authentication. The TACACS authentication works fine, when I take out the ACS from the network, the local authentication works as well. The problem is when the ACS comes back online, the PIX do not want to authenticate to TACACS anymore, and it only accept the LOCAL username and password. If I reboot the PIX the tacacs username and Password works again. Can someone help me with this problem? I don't want to reboot my PIX now and then. Please find my configuration for the PIX.</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ max-failed-attempts 3</P><P>aaa-server TACACS+ deadtime 10</P><P>aaa-server TACACS+ (inside) host 1.1.1.1 xxxxx timeout 10</P><P>aaa-server LOCAL protocol local</P><P>aaa authentication telnet console TACACS+ LOCAL</P><P>aaa authentication enable console TACACS+ LOCAL</P><P>username xxxxx password xxxxxx encrypted privilege 15</P><P></P> Fri, 21 Feb 2020 18:13:04 GMT amashau 2020-02-21T18:13:04Z PIX authentication using Tacacs ( ACS) https://community.cisco.com/t5/network-access-control/pix-authentication-using-tacacs-acs/m-p/416800#M5853 <P>I have configured my pix to authentication using tacacs first; if tacacs is not available it must fall back to LOCAL authentication. The TACACS authentication works fine, when I take out the ACS from the network, the local authentication works as well. The problem is when the ACS comes back online, the PIX do not want to authenticate to TACACS anymore, and it only accept the LOCAL username and password. If I reboot the PIX the tacacs username and Password works again. Can someone help me with this problem? I don't want to reboot my PIX now and then. Please find my configuration for the PIX.</P><P>aaa-server TACACS+ protocol tacacs+</P><P>aaa-server TACACS+ max-failed-attempts 3</P><P>aaa-server TACACS+ deadtime 10</P><P>aaa-server TACACS+ (inside) host 1.1.1.1 xxxxx timeout 10</P><P>aaa-server LOCAL protocol local</P><P>aaa authentication telnet console TACACS+ LOCAL</P><P>aaa authentication enable console TACACS+ LOCAL</P><P>username xxxxx password xxxxxx encrypted privilege 15</P><P></P> Fri, 21 Feb 2020 18:13:04 GMT https://community.cisco.com/t5/network-access-control/pix-authentication-using-tacacs-acs/m-p/416800#M5853 amashau 2020-02-21T18:13:04Z Re: PIX authentication using Tacacs ( ACS) https://community.cisco.com/t5/network-access-control/pix-authentication-using-tacacs-acs/m-p/416801#M5854 <HTML><HEAD></HEAD><BODY><P>set the deadtime to "0", this way it will always check with the tacacs server before falling back to the local user database. Hope this helps.</P></BODY></HTML> Wed, 27 Jul 2005 12:07:44 GMT https://community.cisco.com/t5/network-access-control/pix-authentication-using-tacacs-acs/m-p/416801#M5854 vasthorvak 2005-07-27T12:07:44Z