backup line with local auth. for TACACS failures

ozlemduran · ‎02-10-2005

hi,

we are using ACS TACACS for our cisco devices telnet security, but we also using DC database for authentication and if it database goes down, authentication stopping. at this time cisco device still searching for tacacs server and does not allow telnet.

we have been using the conf.below recently,but now it is not working...

!

aaa authentication login loginlocal local

!

line vty4

login authentication loginlocal

thanks

Richard Burts · ‎02-10-2005

I do not understand your description of your situation and am not sure what your problem really is.

The title of your question sounds like you want a backup method of authentication when TACACS is not working. But the configuration example that you include does not use TACACS at all. This configuration will control authentication for anyone accessing the router via vty and will only do local authentication. Local authentication depends on having a listing of user names and passwords on the local router. If the router does not have this list of user names and passwords then authentication will fail.

If you want to use TACACS as primary and local as backup then the configuration might look something like this:

aaa authentication login loginlocal group tacacs+ local

If this does not adequately answer your question then please clarify your situation and the problem that you are trying to solve.

HTH

Rick

HTH

Rick