AAA authentication sequence

bapatsubodh
Level 1

Hi,

If we have configured the following aaa authentication command

aaa authentication login default group radius local

username localuser priv 15 password *****

enable secret ********

Case 1.

In this case, if the router can reach the radius server and we try to access the router with the local username localuser and its password, will it get authenticated? Or will it contact the RADIUS server and then reject the username and password?

If this CASE 1 is true, then is there any way to have a username locally on the router that is not available in RADIUS and then use it to log in to the router?

Case 2:

The RADIUS server is down and we try to access the router with the local username and password. I guess the router should use the local username database for authentication.

Please share the experience.

Thanks in advance

Subodh

2 Replies

cadet alain
VIP Alumni

Hi,

Case 1:

The local username/password will only be used if the radius server is unavailable. You can use a named method instead of default, specifying the local database, and apply it to a specific line with the login authentication <method name> command:

- aaa authentication login NAMED local

- line vty 1

  login authentication NAMED

Case 2: correct

Regards.

Alain.

Don't forget to rate helpful posts.

Case 1:

The local database won't be used as long as it can get a response from the radius server.

Case 2:

It will use the local database if it can't contact a radius server.

John

HTH, John *** Please rate all useful posts ***
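
The fallback behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model that reads an IOS-style configuration and walks the login method list for a given line, moving to the next method only when the previous one gives no response. The sample configuration, user names, passwords and the `parse`/`login` helpers are constructed for illustration, and the model covers only the two methods used in the thread (`group radius` and `local`).

```python
# Added illustration, not from the thread. Config, users and passwords are constructed.
SAMPLE_CONFIG = """\
aaa authentication login default group radius local
aaa authentication login NAMED local
username localuser privilege 15 password LocalPw
line vty 1
 login authentication NAMED
"""

def parse(config):
    """Return (method_lists, local_users, line_bindings) from IOS-style text."""
    lists, users, bindings, current = {}, {}, {}, None
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:3] == ["aaa", "authentication", "login"]:
            methods, it = [], iter(tok[4:])
            for m in it:  # "group radius" is a single method spelled with two keywords
                methods.append("group " + next(it) if m == "group" else m)
            lists[tok[3]] = methods
        elif tok[:1] == ["username"] and "password" in tok:
            users[tok[1]] = tok[tok.index("password") + 1]
        elif tok[:2] == ["line", "vty"]:
            current = "vty " + tok[2]
        elif tok[:2] == ["login", "authentication"] and current:
            bindings[current] = tok[2]
    return lists, users, bindings

def login(config, line, user, password, radius_users, radius_up):
    """Walk the line's method list; return (method_that_decided, accepted)."""
    lists, local_users, bindings = parse(config)
    for method in lists[bindings.get(line, "default")]:
        if method == "group radius":
            if not radius_up:
                continue  # no response from the server: try the next method
            # Server answered: its accept or reject is final, local is never consulted.
            return ("radius", radius_users.get(user) == password)
        if method == "local":
            return ("local", local_users.get(user) == password)
    return (None, False)

if __name__ == "__main__":
    radius_db = {"raduser": "RadPw"}  # constructed RADIUS-side account
    for line, up in (("vty 0", True), ("vty 0", False), ("vty 1", True)):
        print(line, "radius_up=%s" % up,
              login(SAMPLE_CONFIG, line, "localuser", "LocalPw", radius_db, up))
```

Lines without a `login authentication` binding (here `vty 0`) use the `default` list, so the local account works there only while RADIUS is unreachable, while `vty 1` always decides locally.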