Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
3
Helpful
2
Replies

TACACS+

colmgrier
Level 1
Level 1

‎01-30-2009 10:42 AM - edited ‎03-10-2019 04:18 PM

Loging into a Cisco switch I want the below options to work. Im using Cisco ACS v4.1 and a cisco 3560 switch.

Is this possible

Switch login options:

1. TACACS+ server authenciation (Cisco ACS) ---

2a. TACACS+ server fails (Cisco ACS) - use local switch AAA username & Password

2b. TACACS+ username and password incorrect (Failed login on ACS) - use local switch AAA username & Password

! Console port

3 Console port use local AAA username and password only

Labels:
0 Helpful
2 Replies 2

Collin Clark
VIP Alumni
VIP Alumni

‎01-30-2009 11:46 AM

1. aaa authentication login VTYMethod group tacacs+

line vty 0 4

login authentication VTYMethod

1a. aaa authentication login VTYMethod group tacacs+ local

line vty 0 4

login authentication VTYMethod

2b. AFAIK you can't do that

3. aaa authentication login CONSOLEMethod group local

line con 0

login authentication CONSOLEMethod

Hope that helps.

0 Helpful

Daniel Laden
Level 4
Level 4

‎02-01-2009 12:55 PM

2b. You will not be able to do this.  The local method is only checked if the TACACS method is unresponsive.  A failed TACACS authentication is an active response.

Customers Also Viewed These Support Documents