Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1701
Views
0
Helpful
1
Replies

local authentication

kimlong
Level 1
Level 1

‎03-24-2003 07:11 AM - edited ‎03-10-2019 07:13 AM

Hi,

I want a back up login defined in case the authentiation server can't

be reached. I thought this command was working but today when

I went to roll out the config, I tested the username/password combo

and I failed to login to the switch.

Is this the correct command to enable tacacs+ with a

fallback to locallly defined username password?

aaa authentication login default group tacacs+ local

If this is correct, is there some internal mechinism that

says the login has to fail to the tacacs+ server before the

locally defined username/password will be used?

Thanks.

Labels:
0 Helpful
1 Reply 1

rlotwala
Level 1
Level 1

‎03-24-2003 12:52 PM

Hi,

For Catalyst 6000 and 4000, Please use the following statements to override Authentication failure:

set authorization exec enable if-authenticated none console

set authorization exec enable if-authenticated none telnet

This will be your enable secret password that you've configured on your switch.

Hope this will help you resolve your issue.

Raj

NYC Department of Correction

0 Helpful
Customers Also Viewed These Support Documents