12-24-2018 11:27 AM - edited 03-08-2019 04:53 PM
I have RADIUS configured, and when connected it does authenticate and I am able to log in successfully.
The problem is that when the RADIUS server is unreachable I should be able to log in using the local login, but it fails with the following message:
"Remote AAA servers unreachable; local authentication failed"
I can hook up to the console and log in using the local accounts. I thought that with the rules, if set, the local login should work when RADIUS is unavailable.
Below is the configuration for AAA authentication:
aaa authentication login default group radius local
aaa authentication login console local
aaa authentication login error-enable
The above configuration shows that if my default group cannot be reached, then local is used, and local does work since I can use the console to log in.
Am I missing something?
12-24-2018 11:42 AM
Hello,
What do you have configured locally? Can you post the full configuration?
12-24-2018 12:29 PM
The system is a Nexus 5K.
username admin password 5 XXXXXXXXXXXXXXXXXXXXXXX role network-admin
...
...
...
radius-server timeout 2
radius-server host radiusServer1 key 7 "XXXXXXXXXX" authentication accounting timeout 2 retransmit 3
radius-server host radiusServer2 key 7 "XXXXXXXXXX" authentication accounting timeout 2 retransmit 3
aaa group server radius management
  server radiusServer1
  server radiusServer2
  source-interface loopback0
...
...
...
line console
  exec-timeout 15
line vty
  session-limit 14
  exec-timeout 15
  access-class MGMT-ACCESS in
12-24-2018 01:36 PM
aaa authentication login console local - because of this you are able to log in to the console.
Try adding
aaa authentication login default fallback error local