[c-nsp] ios aaa

[Clint Wade]

Tthat is an ordered list based on availability and not just whether an
account resides there, so as long as RADIUS is available it will not step
to local as far as I know.

On Sun, Mar 1, 2015 at 10:40 AM, John Brown <john at citylinkfiber.com> wrote:

> Hi Thomas,
> Thats what I have, but it doesn't ever fail over to the local user on
> the box.  Hence my confusion
>
> On Sun, Mar 1, 2015 at 7:55 AM, Thomas Toquothty <tltoquothty at gmail.com>
> wrote:
> > aaa authentication login <NAME> group radius local
> >
> > This is how we have ours and it will roll over to local if connectivity
> is
> > down or whatever reason.
> >
> > On Sat, Feb 28, 2015 at 9:24 PM John Brown <john at citylinkfiber.com>
> wrote:
> >>
> >> Hi,
> >>
> >> I'm trying to have our cisco boxes use two different methods for
> >> authentication.
> >>
> >> Radius and local.
> >>
> >> At present we have Radius working nicely.
> >>
> >> What  I would like to do is also have local username function.
> >>
> >> So that if the user is NOT in radius, but IS on the device locally it
> >> will authenticate and let that user on.
> >>
> >> In addition, if radius is dead, the local username will allow a person
> on.
> >>
> >> This would be via  serial console, or ssh, or telnet (for those few
> >> devices we have left that don't support ssh)
> >>
> >> I haven't found anything that is clear and makes sense.  I'm hoping
> >> someone has a cut and paste, or a pointer to a working setup.  If this
> >> is possible.
> >>
> >> thanks
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>