cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1242
Views
0
Helpful
1
Replies
kst.amand
Beginner

N1KV - radius aaa auth with local account fallback

Attempting to setup aaa authentication using Radius, withability to fall back to locally defined accounts.

configuration is;

aaa authentication login default group Radius_Auth none

With N1KV we are unable to add "local" as an option after a group, as we do with physical routers and switches.

If the login account is not part of the Radius aaa group, logins fail and the locally defined accounts are never used.

Are we missing something?

1 REPLY 1
agiaccone
Beginner

Hi,

if not specified, local fallback for atuhentication is the default behavior on nexus 1000v (http://www.cisco.com/en/US/docs/switches/datacenter/nexus1000/sw/4_0/security/configuration/guide/security_3aaa.html#wp1174514)

However I'm quite sure local account database is queried only if radius servers are unreachable, so users not havign a radius account can't access as long as the radius servers are reachable by the switch.

Hope this helps,

Alberto

Content for Community-Ad