cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

94
Views
0
Helpful
1
Replies
Ehsan M.
Beginner

Local authentication with TACACS

Hello experts,

I know this might be an easy one for some...

Is there a way to have your network device (Switch or Router) to try to first authenticate locally (if the username was found on the local database of the device) and then if not found, device reach for TACACS authentication? We're rolling out TACACS authentication but don't want to disrupt existing 'local' authentication on our devices.

Thanks! Any help is highly apreciated!

Cheers,

Ehsan

1 REPLY 1
Rolf Fischer
Engager

Ehsan,

you can define a list of authentication methods; the methods will be tried in the order in which they are configured:

aaa authentication login {default|<name>} method1 [method2] ...

I haven't tested it but this should work as desired:

aaa authentication login default local group tacacs+

HTH

Rolf

Content for Community-Ad