Hello,
Please see attached diagram.
In my network, there is a Cisco ISR that is co-managed by two different administrators. Each administrator's credentials are held on its own separate AAA server.
Is there a way for the Cisco ISR to have an AAA authentication configuration to support this design? For example:
- when administrator #1 attempts an SSH session to the ISR, can the ISR validate his credentials to the AAA server "blue"?
- when administrator #2 attempts an SSH session to the ISR, can the ISR validate his credentials to the AAA server "red"?
I am not 100% sure if the Cisco ISR can support this and wanted to confirm - I have a feeling that as long as the first AAA server is functional and returning a response, the second AAA server will not be consulted for authentication.
Thank you,
Joel