The login-authentication mode is defined as the order in which AA services are used on the device for user authentication during the login process. If AA login is not configured, authentication mode defaults to local authentication mode.
The NPB application supports two sources of authentication: primary and secondary. The secondary source of authentication is used in the event of primary source failure. AA login configuration is supported, with TACACS+ as primary and local-auth-fallback as secondary.
You can configure two possible sources for authentication to access the 9920 device:
If login fails through the primary source because of none of the configured servers not responding or because of login rejected by a server, failover occurs and authentication is done again through the secondary source (local).
By default, external AA services are disabled, and AA services default to the device-local user database. An environment requiring more than 64 users, including default and admin users, should adopt AA servers for user management.