Using Local Logon if TACACs server fails

If I setup a new AAA model to use an external server integrated with AD, how easy is it to configure the router to also try locally stored logon if this server fails/unavailable?

Find more posts tagged with

Comments

Zartanasaurus

You just add local or local-case to the authentication method.

control

Does adding line to the authentication method allow this? Do I need run these commands under the actual lines themselves, e.g under line vty 0 4, or is this a global command?

Zartanasaurus

Line means use the password configured under the vty line like you were using the login command under the vty. You can configure everything globally if you want by using the default login authentication list, or you can make a named list and apply it to the vty lines.

aaa new-model
aaa authentication login default group tacacs [local | local-case | line ]

Make sure you define your tacacs servers.

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of