05-18-2012 07:24 AM - edited 03-10-2019 07:06 PM
Hi all,
I have a strange situation: when you try to authenticate with the local username and password, the switch keeps bouncing back for username and password,
even though I have given the correct information.
*****************************************************
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa authorization exec no_tac none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
*************************************************************************
Based on the
aaa authentication login default group tacacs+ local
if you fail to authenticate with the ACS server, the router/switch will look for local authentication, correct?
I have created a user and a password locally on the device. When I try to enter the local username/password, the switch keeps bouncing back for username and password.
Kindly help, please.
Thanks in advance,
Lance
05-18-2012 11:15 PM
If you fail to authenticate with ACS server then ACS will tell the device to deny access to that particular user. The device won't look for local authentication.
The only way it will look for local authentication is if ACS is not responding at all.
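The fallback rule described in the reply above, as a small model (an added example, not part of the thread and not IOS code). It parses the method list from the posted configuration line and advances to the next method only when the current one gives no answer. The account `lance`, its password, and the helper names are constructed for illustration.

```python
from enum import Enum

class Result(Enum):
    PASS = "pass"    # method answered and accepted the credentials
    FAIL = "fail"    # method answered and rejected the credentials
    ERROR = "error"  # method gave no answer at all (e.g. server timeout)

LOCAL_USERS = {"lance": "Constructed-Pw1"}  # constructed local account

def parse_method_list(line):
    """Return the ordered methods from an 'aaa authentication login' line."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an 'aaa authentication login' line")
    rest, methods = tokens[4:], []  # tokens[3] is the list name ("default")
    while rest:
        if rest[0] == "group":
            if len(rest) < 2:
                raise ValueError("'group' needs a server group name")
            methods.append("group " + rest[1])
            rest = rest[2:]
        else:
            methods.append(rest[0])
            rest = rest[1:]
    return methods

def run_method(method, user, password, tacacs_state):
    """Simplified model of one method's verdict (assumption, not IOS code)."""
    if method == "group tacacs+":
        # The server knows nothing about the local-only account.
        return Result.ERROR if tacacs_state == "unreachable" else Result.FAIL
    if method == "local":
        return Result.PASS if LOCAL_USERS.get(user) == password else Result.FAIL
    raise ValueError("method not modelled: " + method)

def login(config_line, user, password, tacacs_state):
    """Stop at the first PASS or FAIL; move to the next method only on ERROR."""
    tried = []
    for method in parse_method_list(config_line):
        tried.append(method)
        verdict = run_method(method, user, password, tacacs_state)
        if verdict is not Result.ERROR:
            return verdict, tried
    return Result.FAIL, tried  # every method errored: access denied

LINE = "aaa authentication login default group tacacs+ local"
```

With the server reachable, the local account is rejected after `group tacacs+` alone and `local` is never consulted; with the server unreachable, the same credentials pass via `local`.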
05-21-2012 03:04 AM
Hi Aduado
Thanks for the reply. I understand what you say, but even when the ACS server is not responding, this fails.
What we did: we took another switch and configured it the same way as the failing device.
Then we placed a firewall between the switch and the ACS server and blocked any request from the switch going to the ACS server. We could see the firewall dropping the requests sent by the switch to the ACS.
However, the switch is not falling back to local authentication.
When we provide the local username/password, it just keeps on asking for username and password.
The IOS is 12.2(33)SXI3 (s72033_rp-ADVIPSERVICESK9_WAN-VM); I could not find any bugs related to this issue.
Thank you for the support,
Lancellot