ERS 4850GTS-PWR+ / TACACS+ Servers Unreachable - Local Authentication Not Working

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts
  • jacks232
    Aspiring Member
    • Apr 2015
    • 1

    ERS 4850GTS-PWR+ / TACACS+ Servers Unreachable - Local Authentication Not Working

    Hi all,

    We are trying to migrate our Avaya 4850GTS-PWR+ switches to our existing Global TACACS+ authentication platform but we are running into difficulties because the Avaya's refuse to do local authentication when the TAC+ servers become unreachable.

    They output an error that the global authentication servers are unreachable and continue to prompt for username/password endlessly.

    According to the Avaya documentation, this is what is supposed to happen:

    "You can configure two TACACS+ servers, a primary server and a secondary server. If all servers are not reachable (no answers) then local authentication is done."

    I know that this used to be an issue with RADIUS authentication until the "radius-server password fallback" command was added in later releases.

    Are we missing something? Is there a way for us to set a TACACS server timeout value and then force local user/password authentication? The implementation is pretty useless if it cannot fallback to local authentication in the event of a network/TAC+ server outage.

    Our configuration is pretty basic:

    tacacs server host x.x.x.x key
    tacacs authorization enable
    tacacs authorization level all
    tacacs accounting enable
    cli password switch telnet tacacs


    The 4850 switches are running FW 5.8.0.1 / SW v5.8.0.005

    Many thanks in advance,

    Mike
Loading