Having your Cisco devices authenticate/ authorization via Radius is very useful in simplifying your management of your users. The problem is if the Radius fails then how do you access your Cisco devices? The solution is to have the authentication/ authorisation default back to the devices local user database when the Radius become unresponsive .
This is a simple config for your Cisco devices to enable Authorisation/ Authentication initially via the Radius and then via the local if the Radius becomes unavailable.
example
username <username> priviledge <1-15> password <password>
aaa new-model
aaa authentication logon default group radius local
aaa authorization exec default group radius local
aaa authorization consol
line vty 0 15
login authentication default
authorization exec default
Nice post very helpful
ReplyDeletedbakings