03-16-2019 02:19 AM
Hi,
I need to configure a Nexus 9000 switch (N9K-C9348GC-FXP - release 7.0(3)I7(3)) to authenticate one or more users using TACACS and another user using local authentication simultaneously.
I tried to configure "aaa authentication login default local group GROUP_NAME" but it was not possible.
How can I do it?
Thank you,
Samuele
03-16-2019 04:10 AM
Hello,
What do you want to achieve: TACACS+ first and then local? Or TACACS+ for some users and local for others, at the same time?
03-18-2019 02:48 AM
03-16-2019 12:18 PM - edited 03-18-2019 04:48 PM
Hello Samuele
Well, it seems to suggest it supports AAA and possibly rotary, so I cannot see why not - have a look here
03-18-2019 03:21 AM
03-18-2019 04:31 AM
Hello,
I think in NX-OS, the default fallback is local. So if you have configured:
aaa authentication login default group TACACS+
in case TACACS is not available or cannot authenticate, the default fallback is local. You can explicitly specify the fallback:
aaa authentication login default fallback error local
In your case, if you don't want certain users to use TACACS, just don't configure them on your TACACS server, but do configure them locally.
03-18-2019 06:20 AM
03-18-2019 07:11 AM
Not sure if you can do this since the Nexus does not support the rotary command:
This configuration example builds on the previous TACACS+ authentication example, including fallback authentication to the password that is configured locally with the enable secret command:
!
username admin password <password> role network-admin
!
aaa authentication login default group tacacs+
aaa authentication login default fallback error local
02-25-2020 04:58 AM
Check your line vty 0 15 config. Make sure login authentication default is set correctly. If you have it set to a TACACS group, it will still block you.
Also, you will need to set aaa authorization
aaa authorization exec default local group tacacs+
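An offline check for the login configuration discussed in this thread, added here as an example and not posted by any participant: it reads a saved running-config and reports the login authentication methods, whether local fallback is enabled, and which local users exist. The function name `audit_login_aaa` and the sample config are constructed for illustration from the commands quoted above.

```python
import re

# Constructed sample, assembled from the commands quoted in this thread.
SAMPLE_CONFIG = """\
!
username admin password <password> role network-admin
!
aaa authentication login default group tacacs+
aaa authentication login default fallback error local
"""

FALLBACK = "aaa authentication login default fallback error local"

def audit_login_aaa(config):
    """Summarise the login authentication chain in an NX-OS style config."""
    methods, local_users = [], []
    fallback_local = True  # the thread describes local fallback as the default
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if line == FALLBACK:
            fallback_local = True
        elif line == "no " + FALLBACK:
            fallback_local = False
        elif m := re.fullmatch(r"aaa authentication login default group (.+)", line):
            methods = m.group(1).split()
        elif m := re.fullmatch(r"username (\S+) password .+ role (\S+)", line):
            local_users.append((m.group(1), m.group(2)))

    findings = []
    if not methods:
        findings.append("no server group on login default: only local accounts apply")
    elif not fallback_local:
        findings.append("local fallback disabled: risk of lockout if TACACS+ is unreachable")
    elif not local_users:
        findings.append("local fallback enabled but no local user with a role is defined")
    return {"methods": methods, "fallback_local": fallback_local,
            "local_users": local_users, "findings": findings}

if __name__ == "__main__":
    for key, value in audit_login_aaa(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

An empty `findings` list means the config contains a TACACS+ method, local fallback, and at least one local account to fall back to.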