Hi, I am trying to create a configuration to achieve the following: Authenticate an user through the local database on the router, if the user is not listed there, have the router look it up on the tacacs+ server.
However, the local portion of it it's not working, I can authenticate as an user created on the tacacs server but not using an user created locally on the router. The router is an ASR9k. This is the configuration:
tacacs-server host 10.1.1.1 port 49 key tacacstest aaa group server tacacs+ TACACS server 10.1.1.1 aaa authentication login TACACS-LOGIN local group TACACS line default login authentication TACACS-LOGIN
Reading the documentation, this should do what I want it to do, in practice it doesn't. Anyone has any idea? Thanks
No comments:
Post a Comment