Remote Authentication - Tacacs+ server unavailable - fallback local?

Question

If I configure a TACACS+ server and it becomes unavailable will the F5 LTM (10.2.1) fallback to using the local database?&nbsp;
&nbsp;Also if the TACACS+ server is communicating can a local admin account be used to log into the device?&nbsp;
&nbsp;I just want to make sure I don't hose myself when I configure Remote TACACS+ authentication.&nbsp;
&nbsp;Thanks,
&nbsp;Josh&nbsp;

hooleylist · Answer

Hi Josh, 
&nbsp;  
&nbsp; I don't think there is any fallback mechanism by default if the remote auth server(s) aren't available.  The root and admin accounts are always authenticated locally though, so you can use those accounts in the event of a failure to the remote auth server. 
&nbsp;  
&nbsp; I think there is an existing request for enhancement asking to support remote and local admin auth.  If this is something you'd find useful, you could open a case with F5 Support. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Remote Authentication - Tacacs+ server unavailable - fallback local?

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Transparent Kerberos Authentication and APM fallback authentication

Creating local users when using Remote Authentication and unavailable login

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

APM Kerberos Auth or fallback to another authentication method

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS