08-01-2007 07:26 AM - edited 03-10-2019 03:18 PM
Hello,
We have implemented a 5520 device and configured it for ACS successfully. I also want to have a local database with a few accounts in the event our ACS server goes down. I am having trouble finding documentation for the syntax I need to enter on this 5520 device configuration so I can have redundancy for AAA...can someone help with this? TIA, Gary
08-01-2007 08:49 AM
The following command will help:
aaa authentication ssh console server_group LOCAL
So if the AAA server is not available, it will fall back to the local database.
The following link gives more details:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mgaccess.html#wp1042026
~Rohit
08-01-2007 11:06 AM
Thanks so much for the information. I printed out the PDF. I am having an issue figuring out the syntax to create a server_group. I have looked at the command lines but have not been successful. Can you advise on how to give the device a server group name? TIA, Gary
08-01-2007 11:19 AM
You can configure the server group with the following commands:
aaa-server server_group protocol {kerberos | ldap | nt | radius | sdi | tacacs+}
aaa-server server_group (interface_name) host server_ip
See the following link:
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/aaa.html#wp1039757
~Rohit
08-02-2007 09:51 AM
Hi,
Check this example:
aaa-server SERVER protocol tacacs+
aaa-server SERVER host 1.1.1.1
key $har3dK3y
This command applies the server group to the vty or console lines:
==========
aaa authentication ssh console SERVER LOCAL       <--- For SSH sessions
aaa authentication serial console SERVER LOCAL    <--- For console access
Hope that helps
Regards,
JG~
Please rate helpful posts
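An added example, not part of the thread or of Cisco's documentation: a small Python check that reads an ASA running-config and flags "aaa authentication ... console" lines that lack the LOCAL fallback discussed above, point at an undefined server group, or rely on LOCAL when no local username exists. The sample config, its names and its addresses are constructed; the check assumes the LOCAL keyword is accepted only in uppercase and that local accounts appear as "username ... password" lines.

```python
import re

# Constructed sample running-config (not from the thread); all values are placeholders.
SAMPLE_CONFIG = """\
aaa-server SERVER protocol tacacs+
aaa-server SERVER host 192.0.2.10
username localadmin password PLACEHOLDERHASH encrypted privilege 15
aaa authentication ssh console SERVER LOCAL
aaa authentication serial console SERVER
aaa authentication http console ACS2 Local
"""

AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")
GROUP_RE = re.compile(r"^aaa-server (\S+) protocol \S+")
USER_RE = re.compile(r"^username \S+ password ")


def audit_aaa_fallback(config):
    """Return (line, problem) findings for console authentication lines."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    groups = {m.group(1) for l in lines if (m := GROUP_RE.match(l))}
    has_local_user = any(USER_RE.match(l) for l in lines)
    findings = []
    for line in lines:
        m = AUTH_RE.match(line)
        if not m:
            continue
        methods = m.group(2).split()
        primary, fallback = methods[0], methods[1:]
        if primary != "LOCAL" and primary not in groups:
            findings.append((line, f"server group {primary} is not defined"))
        if primary != "LOCAL" and fallback != ["LOCAL"]:
            if [f.upper() for f in fallback] == ["LOCAL"]:
                findings.append((line, "fallback keyword must be uppercase LOCAL"))
            else:
                findings.append((line, "no LOCAL fallback"))
        if "LOCAL" in methods and not has_local_user:
            # Fallback is useless if the local database has no accounts.
            findings.append((line, "LOCAL used but no local username configured"))
    return findings


if __name__ == "__main__":
    for line, problem in audit_aaa_fallback(SAMPLE_CONFIG):
        print(f"{problem}: {line}")
```

Run it against a saved copy of the running configuration before taking the AAA server offline for maintenance, so that a missing fallback is found before it locks out management access.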