tacas server is down

p.tournier · ‎03-19-2003

hi,

I'm implementing Authentication with a tacacs server, all is working fine but I have a very specific question :

My conf iguation :

aaa new-model

aaa authentication password-prompt Password:

aaa authentication login securid group tacacs+ local

aaa authentication login console group radius local

aaa authentication enable default group radius enable

The problem is when the tacacs server is down, there is no message to inform the user. So when the server is down and I try to go into the enable mode, the first prompt is :

Password :

I think that at this point he checks the password with the server (the server is down) then he try the local mode and prompt :

Password:

and only now, I have access to the enable mode with the local password.

Is there any way to inform the user that the server is down (like CatOs) or to go directly in the local mode when the server is down and don't ask me 2 times the enable password

thanks....

tepatel · ‎03-19-2003

No..there is no way to inform user the the authentication server is down. Authentication method will be followed as configured in the "aaa authentication....." command.

However you can configure the router to skip sending to that radius server if its not responding. So that way the authentication process will be faster. You need to use "radius-server deadtime x" command for that. Pl. visit following url for more and how to use that command.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122tcr/122tsr/fssprocr/sftrad.htm#1017571