[c-nsp] ios aaa

John Brown john at citylinkfiber.com
Sun Mar 1 11:40:58 EST 2015


Hi Thomas,
Thats what I have, but it doesn't ever fail over to the local user on
the box.  Hence my confusion

On Sun, Mar 1, 2015 at 7:55 AM, Thomas Toquothty <tltoquothty at gmail.com> wrote:
> aaa authentication login <NAME> group radius local
>
> This is how we have ours and it will roll over to local if connectivity is
> down or whatever reason.
>
> On Sat, Feb 28, 2015 at 9:24 PM John Brown <john at citylinkfiber.com> wrote:
>>
>> Hi,
>>
>> I'm trying to have our cisco boxes use two different methods for
>> authentication.
>>
>> Radius and local.
>>
>> At present we have Radius working nicely.
>>
>> What  I would like to do is also have local username function.
>>
>> So that if the user is NOT in radius, but IS on the device locally it
>> will authenticate and let that user on.
>>
>> In addition, if radius is dead, the local username will allow a person on.
>>
>> This would be via  serial console, or ssh, or telnet (for those few
>> devices we have left that don't support ssh)
>>
>> I haven't found anything that is clear and makes sense.  I'm hoping
>> someone has a cut and paste, or a pointer to a working setup.  If this
>> is possible.
>>
>> thanks
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list