Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1553
Views
10
Helpful
3
Replies

AAA and local user authentication

Go to solution
ismailfayaz
Level 1
Level 1

‎12-08-2013 06:19 AM - edited ‎03-10-2019 09:10 PM

Hi,

I already have AAA authentication setup on my switch. And I can use local users to login when the AAA server is unreachable.

But I want to know if it is possible to use local users even when the AAA server is reachable. Something like first it checks the local users databse and if the user does not exists then fallback to AAA or vice versa.

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
edwjames
Level 3
Level 3
In response to parsahoo

‎12-09-2013 03:02 AM

Ismail,

This is your answer:

aaa authentication login default local group radius/tacacs

Parthapratim - A little correction,it will go to radius or tacacs + if the user is not present locally.

The local DB differs in the way fallback works which is the exception.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed

View solution in original post

3 Replies 3

Go to solution
parsahoo
Cisco Employee
Cisco Employee

‎12-08-2013 09:28 PM

Ismail, the authentication method you define act as a service. So only when the service is not avilable the method fallback to the next methond you define.

So in your case if the user account is not present in the local data base it will not fallback to aaa server.

aaa authentication login default local group radius

The same holds true if the user account is not there in the aaa server

aaa authentication login default group radius local


Only when the aaa server is not responding (service downe or not reachable) it will fallback to the local database.

Hope this helps!

0 Helpful

Go to solution
edwjames
Level 3
Level 3
In response to parsahoo

‎12-09-2013 03:02 AM

Ismail,

This is your answer:

aaa authentication login default local group radius/tacacs

Parthapratim - A little correction,it will go to radius or tacacs + if the user is not present locally.

The local DB differs in the way fallback works which is the exception.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed

Go to solution
ismailfayaz
Level 1
Level 1

‎12-09-2013 03:49 AM

Edward,

Thanks for your reply.

It works perfectly.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents