Options

Using Local Logon if TACACs server fails

controlcontrol Member Posts: 309
in CCNA Security
If I setup a new AAA model to use an external server integrated with AD, how easy is it to configure the router to also try locally stored logon if this server fails/unavailable?
· Share on FacebookShare on Twitter

Comments

  • Options
    ZartanasaurusZartanasaurus Member Posts: 2,008 ■■■■■■■■■□
    You just add local or local-case to the authentication method.
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
    · Share on FacebookShare on Twitter
  • Options
    controlcontrol Member Posts: 309
    Does adding line to the authentication method allow this? Do I need run these commands under the actual lines themselves, e.g under line vty 0 4, or is this a global command?
    · Share on FacebookShare on Twitter
  • Options
    ZartanasaurusZartanasaurus Member Posts: 2,008 ■■■■■■■■■□
    Line means use the password configured under the vty line like you were using the login command under the vty. You can configure everything globally if you want by using the default login authentication list, or you can make a named list and apply it to the vty lines.

    aaa new-model
    aaa authentication login default group tacacs [local | local-case | line ]

    Make sure you define your tacacs servers. :)
    Currently reading:
    IPSec VPN Design 44%
    Mastering VMWare vSphere 5​ 42.8%
    · Share on FacebookShare on Twitter
Sign In or Register to comment.