
AAA authentication preference

bapatsubodh
Level 1

We have AAA configured as follows

aaa new-model

aaa authentication login default local group radius

aaa authentication enable default enable

aaa authorization exec default group radius if-authenticated

aaa session-id common

It was expected that the switch would check the local username first and then the RADIUS server. But it is not checking the local username; it is getting authenticated by RADIUS, even though the default priority is for "local" and then "Radius group".

Please share the experience.

Thanks,

-Subodh

1 Reply

With the command "aaa authentication login default local group radius" the local database is checked first and RADIUS is the fallback. But there is a "feature" that is sometimes not expected: if the user is not found in the local database, the authentication is not rejected but passed to the next method, which is RADIUS.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
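
The fall-through described in the reply above, as a small Python model of how the method list "local group radius" is walked. This is an added example, not part of the original thread and not Cisco code. The PASS/FAIL/ERROR names, the function names and the sample accounts are assumptions made for illustration; the wrong-password case goes slightly beyond the reply and follows the general IOS rule that only an error, not a rejection, moves on to the next method.

```python
# Simplified model of IOS login method-list evaluation (illustration only).
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

# Constructed sample data: one local account, one account that exists only on RADIUS.
LOCAL_USERS = {"admin": "local-secret"}
RADIUS_USERS = {"subodh": "radius-secret"}


def local(user, password):
    # Unknown username: the local method gives no verdict, so the list moves on.
    if user not in LOCAL_USERS:
        return ERROR
    # Known username: the local database decides, right or wrong password.
    return PASS if LOCAL_USERS[user] == password else FAIL


def group_radius(user, password, reachable=True):
    # No answer from any server is an ERROR; an Access-Reject is a definitive FAIL.
    if not reachable:
        return ERROR
    return PASS if RADIUS_USERS.get(user) == password else FAIL


def login(method_list, user, password):
    """Walk the method list; return (verdict, name of the method that decided)."""
    for name, method in method_list:
        verdict = method(user, password)
        if verdict != ERROR:
            return verdict, name
    return FAIL, None  # every method returned ERROR


# aaa authentication login default local group radius
DEFAULT = [("local", local), ("group radius", group_radius)]

if __name__ == "__main__":
    attempts = [
        ("admin", "local-secret"),    # decided by local
        ("admin", "wrong"),           # rejected by local, RADIUS never asked
        ("subodh", "radius-secret"),  # not in local database, decided by RADIUS
        ("nobody", "x"),              # not in local database, rejected by RADIUS
    ]
    for user, pw in attempts:
        print(f"{user:8} -> {login(DEFAULT, user, pw)}")
```

A RADIUS-only account such as the constructed "subodh" is decided by RADIUS, which matches what the original poster observed: the local database was consulted first, but it had no entry for that username.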