cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
466
Views
0
Helpful
3
Replies

Tacacs + local

satya mothukuri
Level 1
Level 1

Hi Team,

I need to create in such a way both my login should work if i use Tacacs and local username and password at same time.

i mean if my Tacacs is down or not i should be able to login with local username.

Thanks in advance

Regards,

Satya.M

3 Replies 3

cadet alain
VIP Alumni
VIP Alumni

Hi,

This is not possible because if you specify multiple authentication methods it will try the first one and if this is tacacs then only if you can't communicate with the tacacs server then it will try next method which could be local but if it can communicate with the tacacs server it won't try the local database.Maybe if you use 2 different named lists and apply them to different vty lines then you could use both on same device but on some lines you would use tacacs and on others you would use local database.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

schaef350
Level 1
Level 1

You will have to try this with tacacs but I always have it work with RADIUS just fine:

aaa login administer local group radius

line vty 0 3

authorization exec

login authentication

I guess technically the local DB gets tried first in my case so you probably can't have username collisions between systems...

- Be sure to rate all helpful posts

- Be sure to rate all helpful posts

As I was reading this post my first reaction was similar to Alain that you can not bypass TACACS. But the second suggestion of changing the order in which authentication is performed is a creative solution. As long as the user name in the local database is different from the user name in TACACS then I believe that this solution should work.

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: