Solved: AAA Authentication methods

murray.bown · ‎11-17-2022

Hello Guys,

I looking for some clarity on AAA Authentication configuration.

Problem Statement

Using the configuration below, when i logon with a user account that is valid in the RADIUS server i am able to successfully SSH to the switch, if however i try to use a local account i am unable to authenticate, i can see the failed authentications in the RADIUS server logs.

My understanding is that the AAA configuration should try its first method and then if unsuccessful failover to local authentication.

Here is my config.

aaa group server radius RADIUS_GROUP
server name TEEIS0001
server name TEEIS0002
ip radius source-interface Vlan1
deadtime 5

aaa authentication login default group RADIUS_GROUP local
aaa authentication enable default enable

line vty 0 4
exec-timeout 30 0
privilege level 15
logging synchronous
transport input ssh
transport output ssh

marce1000 · ‎11-17-2022

- Check the reply from Kasrsten Iwen in this thread : https://community.cisco.com/t5/network-access-control/cisco-login-radius-and-local/td-p/2989344

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

marce1000 · ‎11-17-2022

- Check the reply from Kasrsten Iwen in this thread : https://community.cisco.com/t5/network-access-control/cisco-login-radius-and-local/td-p/2989344

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '