Hi
We have the following configuration for AAA on an L3 switch:
CASE 1
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
radius-server host ******* auth-port 1645 acct-port 1813
radius-server key ************
line vty 0 4
 access-class acl-VTY in
 exec-timeout 9 30
 password 7 ********
 transport input ssh
username cisco password **********
enable secret *********
In this configuration, in order to test the local user (cisco), the RADIUS server key was removed.
Even then, the local user was not able to log in to the router. No idea why.
One point is we don't have authorization and accounting configured on the RADIUS; does this cause the problem?
==================================================================================
CASE 2: ( router 2 )
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
radius-server host ******* auth-port 1645 acct-port 1813
radius-server key ************
line vty 0 4
 access-class acl-VTY in
 exec-timeout 9 30
 password 7 ********
 transport input ssh
username cisco password **********
enable secret *********
No authorization / accounting commands configured. Here local user authentication works after removing the RADIUS key.
Please share your experience.
Thanks
Subodh
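
Added example, not part of the original post: a small Python check that compares the AAA lines of the two cases and lists the method lists naming a server group for which the posted configuration shows no `radius-server host` or `tacacs-server host` line. The configs are re-typed from the post with masked values as placeholders, and the check assumes the post shows every server definition present on each device.

```python
import re

# Constructed from the two configurations in the post; "<masked>" is a placeholder.
CASE1 = """\
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
radius-server host <masked> auth-port 1645 acct-port 1813
"""
CASE2 = """\
aaa authentication login default group radius local
aaa authentication enable default enable
aaa authorization exec default group radius if-authenticated
radius-server host <masked> auth-port 1645 acct-port 1813
"""

AAA_RE = re.compile(r"^aaa (authentication|authorization|accounting) (.+)$")
HOST_RE = re.compile(r"^(radius|tacacs)-server host\b")

def aaa_lines(config):
    """Return the set of 'aaa ...' method-list lines in a config."""
    return {l.strip() for l in config.splitlines() if AAA_RE.match(l.strip())}

def defined_groups(config):
    """Server groups ('radius', 'tacacs+') that have at least one host line."""
    hits = (HOST_RE.match(l.strip()) for l in config.splitlines())
    return {"tacacs+" if m.group(1) == "tacacs" else "radius" for m in hits if m}

def undefined_group_refs(config):
    """AAA lines naming a server group with no host line in the same config."""
    have = defined_groups(config)
    out = []
    for line in sorted(aaa_lines(config)):
        for grp in re.findall(r"\bgroup (\S+)", line):
            if grp in ("radius", "tacacs+") and grp not in have:
                out.append(line)
    return out

def only_in_first(a, b):
    """AAA lines present in config a but not in config b."""
    return sorted(aaa_lines(a) - aaa_lines(b))

if __name__ == "__main__":
    print("Only in CASE 1:", *only_in_first(CASE1, CASE2), sep="\n  ")
    print("No server defined:", *undefined_group_refs(CASE1), sep="\n  ")
```

For these two configs the lines that exist only in Case 1 are the same three lines that point at the `tacacs+` group, which narrows where to look when debugging the login.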