Occasional Contributor I

TACACS service on ClearPass

Hello,

 

A customer using ClearPass with Cisco switches had the following question.

"For the TACACS service in ClearPass, when there is no service match, our Cisco devices do not fall back to local authentication, because the TACACS server is still running and replying back to the device, it appears. Is there a way to circumvent this in the event that there is no service match and to simply not respond?"

To my understanding, as long as ClearPass is alive the switch will not fall back to local authentication.

Posting this question to confirm whether there is a way to accommodate the customer's ask.

 

Thanks in advance,

Kandhla

 

 

MVP

Re: TACACS service on ClearPass

This is how Cisco IOS works, unfortunately. There is not much you can do on ClearPass for this issue. As long as the TACACS server is reachable, Cisco IOS will not fall back to local authentication. As a workaround, can you try putting local auth ahead of TACACS:

aaa authentication login default local group tacacs+

JayBee
ACDX | ACCX| CCIE (RnS/SP,DC) | ACCP | ACMP | ACSA | ACMA | JNCIS | JNCIA
If the provided solution resolves your issue, please mark it as accepted solution to help others.
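The fallback behaviour described in the reply above, as an added example that is not part of the original thread: a small Python model of how a login method list is walked, plus a check for the two orderings discussed. It assumes each method returns PASS, FAIL or ERROR (no response) and that only ERROR moves on to the next method; the function names and sample outcomes are constructed for illustration.

```python
# Added example: models how a login method list is walked.
import re

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"  # ERROR = no response from the method

def parse_method_list(line):
    """Return (list_name, [methods]) from an 'aaa authentication login' line."""
    m = re.match(r"\s*aaa authentication login (\S+) (.+)$", line)
    if not m:
        raise ValueError("not an 'aaa authentication login' line: %r" % line)
    tokens, methods, i = m.group(2).split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])  # server group is one method
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return m.group(1), methods

def evaluate(methods, outcomes):
    """Walk the list in order; return (decision, methods_consulted).
    Only ERROR moves on to the next method; PASS or FAIL ends the walk.
    A method with no entry in outcomes is treated as not responding."""
    consulted = []
    for method in methods:
        consulted.append(method)
        result = outcomes.get(method, ERROR)
        if result != ERROR:
            return result, consulted
    return FAIL, consulted  # nothing answered, so access is denied

def audit(line):
    """Flag the two orderings discussed in the thread."""
    _, methods = parse_method_list(line)
    if "local" not in methods:
        return "no local fallback when the TACACS+ server is unreachable"
    if methods[0] == "local" and len(methods) > 1:
        return "local user database is consulted before the TACACS+ server"
    return "local is used only when earlier methods do not respond"

if __name__ == "__main__":
    # Constructed scenarios: the server replies with a reject vs. does not reply.
    tacacs_first = parse_method_list("aaa authentication login default group tacacs+ local")[1]
    print(evaluate(tacacs_first, {"group tacacs+": FAIL, "local": PASS}))
    print(evaluate(tacacs_first, {"group tacacs+": ERROR, "local": PASS}))
    print(audit("aaa authentication login default local group tacacs+"))
```
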
Occasional Contributor I

Re: TACACS service on ClearPass

Not sure if putting local authentication first would be the best alternative. 

 

Thanks for the response.

 

-Kandhla

 
