Configure Login Authentication Mode

Before you begin

  • Only admin users can perform this procedure.
  • The TACACS+ host must be configured on the 9920 device.

About this task

Perform this procedure to configure TACACS+ as the primary source of authentication and the local-auth-fallback as the secondary source. For additional information, see TACACS+ Configuration.

Procedure

  1. Enter the Config mode.
    device(config)# 
  2. Configure the login authentication mode.
    device# configure terminal
    device(config)# aaa authentication login tacacs+ local-auth-fallback
    device(config)# aaa accounting all default start-stop tacacs+
    device(config)# tacacs-server host 1.2.3.4
    device(config-tacacs-config)# plain-key testing123
    For more information on the aaa authentication command, see Extreme 9920 Software Command Reference, 21.2.1.0 .
    Authentication is attempted first with the TACACS+ server. If that fails, authentication is attempted with the local database.
  3. View the configuration.
    device(config-tacacs-config)# do show run
    username testuser2 role user password $6$salt$cevuzTZ/QBjzuZG0/ebEeedmcTnhyM8ITUu8K032Cp2XvIibq7voqYagm18bwpLBqrg/l/l6YxTmKKibJz5r10
    tacacs-server host 1.2.3.4
      encrypted-key QjQkJLQUF3ncI1ooQCOaoEsBn5epVI3GsQwFD6i_BW
    aaa authentication login tacacs+ local-auth-fallback
    aaa accounting commands default start-stop tacacs+
    interface ethernet 1/2
      shutdown
    interface ethernet 2/2
      shutdown
  4. Log into the device using an account with TACACS+-only credentials to verify if the login authentication mode is configured.