04-07-2014 11:05 AM
We would like to disable local user remote login via ssh/telnet and only allow TACACS remote login. Is the correct method just to disable "Allow Local Authentication?" we would want to be able to login locally with root/admin if the network is down still.
Solved! Go to Solution.
04-07-2014 12:29 PM - edited 04-07-2014 12:31 PM
Yes, if you disable that setting, only authentications from your external server (RADIUS/TACACS+) are allowed. If the external server is not reachable (no response/timeout), local authentication is allowed.
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
04-08-2014 11:58 AM
So this seemed to work the way I guess it should have but now we can't have our front desk users login to do guest provisioning. Is there any way to limit remote logins to just guest provision users and not the admin/root ones?