View the parameters to set the authentication mode so TACACS+ is primary.
After you configure the client-side TACACS+ server list, you must set the authentication mode so that TACACS+ is used as the primary source of authentication.
Full Syntax | [no] aaa authentication
login tacacs+ local-auth-fallback
|
Parameter descriptions |
keyword no: Negate the command keyword aaa : Configure preferred order of types of AAA server (only TACACS+ is supported) keyword authentication: Configure preferred order for authentication Keyword login: Order of sources for login (default='local') Keyword tacacs+ : Use TACACS+ servers Keyword local-auth-fallback: Use local switch database if TACACS+ authentication methods are not active or authorization fails. |
Command modes | Configuration mode |
Permissions & Validations |
|
Behavior description | By default, the local database is used for authentication. You can configure the application to authenticate users with the TACACS+ server as the primary method, with the local database as the fallback if TACACS+ is unavailable or authentication fails. |