
TACACS+ and local account

kfulen
Level 1

Hello all. I'm trying to set up my Cisco switch not to use the local account if the TACACS server is up. Here is what I have so far. Thanks.

aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ local
aaa accounting send stop-record authentication failure
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

1 Accepted Solution


Jatin Katyal
Cisco Employee

The current configuration you have will work in your favor.


aaa authentication login default group tacacs+ local


This command says the user will be able to log in via local username/password only if the TACACS server goes down.


Conclusion: a local user will not be able to authenticate in the TACACS server's presence.


HTH


Regards, Jatin


Do rate helpful posts~

~Jatin
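
Added example (not part of the original thread, and not Cisco code): a small Python model of the method-list behaviour described in the answer above, applied to the `aaa authentication login default group tacacs+ local` line. The user names, passwords and function names are constructed for illustration, and the model assumes a method that answers with a reject stops the walk, so `local` is tried only when the TACACS+ server gives no answer.

```python
# Added example: models how a login method list is walked.
# Assumption: a method that answers (accept or reject) ends the walk;
# only a method that gives no answer lets the next one run.
ACCEPT, REJECT, ERROR = "accept", "reject", "error"

def parse_method_list(line):
    """Return (list_name, methods) from an 'aaa authentication login' line."""
    tokens = line.split()
    if tokens[:3] != ["aaa", "authentication", "login"] or len(tokens) < 5:
        raise ValueError("not an aaa authentication login line: %r" % line)
    name, rest, methods, i = tokens[3], tokens[4:], [], 0
    while i < len(rest):
        if rest[i] == "group" and i + 1 < len(rest):
            methods.append("group " + rest[i + 1])   # e.g. "group tacacs+"
            i += 2
        else:
            methods.append(rest[i])                  # e.g. "local"
            i += 1
    return name, methods

def authenticate(methods, user, password, tacacs_up, tacacs_users, local_users):
    """Walk the methods in order; return (result, method that decided)."""
    for method in methods:
        if method == "group tacacs+":
            if not tacacs_up:
                result = ERROR    # no response: fall through to next method
            else:
                result = ACCEPT if tacacs_users.get(user) == password else REJECT
        elif method == "local":
            result = ACCEPT if local_users.get(user) == password else REJECT
        else:
            raise ValueError("method not modelled: " + method)
        if result != ERROR:
            return result, method  # an answer, even a reject, stops the walk
    return REJECT, None            # every method failed to answer

# Constructed sample data (not from the thread)
TACACS_USERS = {"alice": "tac-pass"}
LOCAL_USERS = {"admin": "local-pass"}
NAME, METHODS = parse_method_list(
    "aaa authentication login default group tacacs+ local")

if __name__ == "__main__":
    for up in (True, False):
        for user, pw in (("alice", "tac-pass"), ("admin", "local-pass")):
            print("tacacs_up=%s user=%s ->" % (up, user),
                  authenticate(METHODS, user, pw, up, TACACS_USERS, LOCAL_USERS))
```

With the server up, the local `admin` account is rejected by TACACS+ and the local database is never consulted; with the server down, only accounts in the local database can log in.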


Thanks for your help!

I would really appreciate it if you mark this thread resolved so that others can take help out of it.

~Jatin

Thanks