Tacacs + local

satya mothukuri · ‎08-20-2013

Hi Team,

I need to create in such a way both my login should work if i use Tacacs and local username and password at same time.

i mean if my Tacacs is down or not i should be able to login with local username.

Thanks in advance

Regards,

Satya.M

cadet alain · ‎08-20-2013

Hi,

This is not possible because if you specify multiple authentication methods it will try the first one and if this is tacacs then only if you can't communicate with the tacacs server then it will try next method which could be local but if it can communicate with the tacacs server it won't try the local database.Maybe if you use 2 different named lists and apply them to different vty lines then you could use both on same device but on some lines you would use tacacs and on others you would use local database.

Regards

Alain

Don't forget to rate helpful posts.

schaef350 · ‎08-20-2013

You will have to try this with tacacs but I always have it work with RADIUS just fine:

aaa login administer local group radius

line vty 0 3

authorization exec

login authentication

I guess technically the local DB gets tried first in my case so you probably can't have username collisions between systems...

- Be sure to rate all helpful posts

Richard Burts · ‎08-20-2013

As I was reading this post my first reaction was similar to Alain that you can not bypass TACACS. But the second suggestion of changing the order in which authentication is performed is a creative solution. As long as the user name in the local database is different from the user name in TACACS then I believe that this solution should work.

HTH

Rick

HTH

Rick