authentication/authorization with aaa server and local username

arturo.reyna · ‎08-24-2004

Hi:

I want to use authentication and authorization with an aaa server, It ís working ok but I have a doubt.

Can I use at the same time authentication and authorization with local username as a backup ? I think in case of my aaa server failure.

Thank you.

Richard Burts · ‎08-24-2004

You certainly can combine using aaa server as the primary means of authentication and local username as a backup means of authentication. When you configure aaa authentication you can identify a primary method and a backup method.

You could use a configuration like this:

aaa authentication login default group tacacs+ local

which would use tacacs as the primary and local username as the backup.

Or a configuration that I see a lot is:

aaa authenticxation login default group tacacs line

this will use tacacs as the primary and the configured line (console or vty) passwords as the backup.

You probably also want to use aaa to authenticate the enable mode and to have a backup. You can use this:

aaa authentication enable default group tacacs+ enable

These examples assume that the IOS in the router supports the group concept. If the IOS in your router does not support this, then just leave out the word group in the examples and they should work ok.

HTH

Rick

HTH

Rick

arturo.reyna · ‎08-24-2004

Thank you.

Another question. Do you know if it aplies to PIX Firewalls?

I really appreciate you help.

vimal1980 · ‎08-24-2004

Hi!

The below post will help you in that.

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd60f3e

HTH.

Rgds

Vimal