Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1446
Views
0
Helpful
1
Replies

N1KV - radius aaa auth with local account fallback

kst.amand
Level 1
Level 1

‎11-11-2009 05:10 AM

Attempting to setup aaa authentication using Radius, withability to fall back to locally defined accounts.

configuration is;

aaa authentication login default group Radius_Auth none

With N1KV we are unable to add "local" as an option after a group, as we do with physical routers and switches.

If the login account is not part of the Radius aaa group, logins fail and the locally defined accounts are never used.

Are we missing something?

Labels:
0 Helpful
1 Reply 1

agiaccone
Level 1
Level 1

‎11-29-2009 05:28 PM

Hi,

if not specified, local fallback for atuhentication is the default behavior on nexus 1000v (http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_3aaa.html#wp1174514)

However I'm quite sure local account database is queried only if radius servers are unreachable, so users not havign a radius account can't access as long as the radius servers are reachable by the switch.

Hope this helps,

Alberto

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card