Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
234
Views
0
Helpful
1
Replies

Local authentication with TACACS

Ehsan M.
Level 1
Level 1

‎11-18-2015 02:41 PM - edited ‎03-10-2019 11:15 PM

Hello experts,

I know this might be an easy one for some...

Is there a way to have your network device (Switch or Router) to try to first authenticate locally (if the username was found on the local database of the device) and then if not found, device reach for TACACS authentication? We're rolling out TACACS authentication but don't want to disrupt existing 'local' authentication on our devices.

Thanks! Any help is highly apreciated!

Cheers,

Ehsan

Labels:
0 Helpful
1 Reply 1

Rolf Fischer
Level 9
Level 9

‎11-19-2015 11:25 AM

Ehsan,

you can define a list of authentication methods; the methods will be tried in the order in which they are configured:

aaa authentication login {default|<name>} method1 [method2] ...

I haven't tested it but this should work as desired:

aaa authentication login default local group tacacs+

HTH

Rolf

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents