Solved: TACACS+ AAA configuration on MDS 9222i

Andrew Bailey · ‎05-24-2011

I am not NX-OS guy... but and I am trying to configure authentication with our ACS on our MDS 9222i. I want to use tacacs+ then local if that fails.

In IOS I can do that with the following command:

aaa authentication login default group tacacs+ local

But in NX-OS that is not an option.

hostname(config)# aaa authentication login default group servergroupname ?

<CR>

WORD Server group name (Max Size 127)

none No authentication

Here is my config

feature tacacs+
tacacs-server key password
tacacs+ distribute
tacacs-server host x.x.x.x
tacacs+ commit

aaa group server tacacs+ servergroupname

aaa authentication login default group servergroupname
tacacs-server directed-request

I want to be able to use both tacacs+ and local user database for authentication? What am I missing?

Vu Phan · ‎05-25-2011

If you want to use both tacacs and local for authentication. You will need to create local users on the switch.

The authentication will first check with tacacs then fall-back to local.

Thanks

Vu Phan · ‎05-25-2011

If you want to use both tacacs and local for authentication. You will need to create local users on the switch.

The authentication will first check with tacacs then fall-back to local.

Thanks

Andrew Bailey · ‎05-26-2011

Thanks for your response. I originally wanted to use both tacacs+ and local, but I am ok with having local only work when tacacs+ is unreachable.