Showing results for 
Search instead for 
Did you mean: 

AAA Tacacs+ and local database


Hey there,


does a solution exist for using AAA authentication Tacacs+ and local database simultaneously?

We have added a router to a dmvpn infrastructure and used the template provided by the dmvpn hub. This includes AAA Tacacs+ authentication.

We have a line like: aaa authentication login TEST group tacacs+ local

As I understand this command right, the local database will be only used, if the authentication Tacacs+ server can not be reached?

Am I right?

Can I use line vty 0 4 for local authentication and line vty 5 15 for aaa ?



2 Replies 2

Seb Rupik
VIP Advisor VIP Advisor
VIP Advisor

HI there,

Yes you are right on both counts.


Regarding the VTY lines, create two separate aaa methods using different users stores and reference them under the vty config blocks.


aaa authentication login TEST group tacacs+ local
aaa authentication login LOCAL local
line vty 0 4
  login authentication TEST
line vty 5 15
  login authentication LOCAL





Richard Burts
Hall of Fame Community Legend Hall of Fame Community Legend
Hall of Fame Community Legend

The original poster asks what appears to be a simple question (which may not be as simple as it appears) and Seb has provided exactly the correct answer to that question. So +5 for that. Using that configuration you would authenticate using tacacs with fallback to local if you access vty 0 through 4 and would authenticate using only local if you access vty 5 through 15. But how to get to vty 5 15 when you access the device?


A potential solution would be to specify on one group of vty access using only SSH and specify on the other group access using only telnet. If you do that then you choose your authentication method when you choose to access using SSH or using telnet. I hesitate to suggest something like this on a live network since you are forcing one group of users to use a less secure method of access.






Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers