Hannes, you would configure it like this Router(config)#aaa authentication local-override
In this case, the router will first check to see if there is a local user specified before checking the tacacs server. If one doesn't exist locally then it would check the tacacs server. Hope that helps. Woody -----Original Message----- From: Kumari, Hannes [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 7:49 AM To: [EMAIL PROTECTED] Subject: Terminal server tacacs+ question [7:34607] Hi All, Im tring to configure 2509 (with 8 async ports) as a terminal server so that I could access my network devices via console port. I have my default tacacs policy in place but in addition to that I would like to have sepparate policy for third parties ( IT depatment needs console acces to servers aswell ). And now the problem, when tring to reverse-telnet like this : telnet 10.10.10.10 2001 It first checks the tacas for authentication, but I have no intention to auth. 3`rd parties thougt tacacs but have created local usernames/password in 2509 How should the config look like in order it to check local usernames/password first befor tacacs auth. ------- my current conf in 2509 aaa now-model aaa authentication login default tacacs+ enable aaa authentication enable default tacacs+ enable aaa authorization exec default tacacs+ if-authenticated ... username kala password 0 kala rgds, Hannes Kumari Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=34660&t=34607 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]