February 26th, 2009 14:00

TACACS and Local Accounts

Internal Auditing wants us to start using TACACS for authentication but I believe local accounts will cease to function once TACACS is used. My concern is remote support with EMC thru ESRS. If they needed to log into our switches during a support call, what would be the best way to allow this? Will the admin account still function? We certainly aren't going to create an Active Directory account for EMC so I'm just curious how other customers handle this scenario when running TACACS.

Also, if we lose the ACS server or Active Directory goes down and MDS users cannot authenticate via TACACS, will it allow local account access automatically or do I have to disable TACACS on all our switches?

November 28th, 2017 06:00

Hi there,

In our efforts to clean up the forum, we came across your question / statement.

If the question / statement is still valid, not expired, and you need an update, please reach out again and we will try to get it answered.

As for now we set it to “answered.”

Regards,

Jim

February 27th, 2009 13:00

Hello,

I recommend you check the section called "Authentication and Authorization Process" in the Cisco CLI Config guide for a good explanation of how the security authentication works. Depending on how exactly the switches are configured and what your security plan is, the local accounts exist as a backup if the TACACS service is not available. EMC connecting back into the switches via ESRS will need some type of account that has switch access. There are all kinds of configurations you could create to allow the needed ESRS access, so I would recommend you engage your local EMC field support on how they recommend it be configured to meet your particular situation.

Thank you.