Remote Authentication - Tacacs+ server unavailable - fallback local?

Question

If I configure a TACACS+ server and it becomes unavailable will the F5 LTM (10.2.1) fallback to using the local database?&nbsp;
&nbsp;Also if the TACACS+ server is communicating can a local admin account be used to log into the device?&nbsp;
&nbsp;I just want to make sure I don't hose myself when I configure Remote TACACS+ authentication.&nbsp;
&nbsp;Thanks,
&nbsp;Josh&nbsp;

hoolio · Answer

Hi Josh, 
&nbsp;  
&nbsp; I don't think there is any fallback mechanism by default if the remote auth server(s) aren't available.  The root and admin accounts are always authenticated locally though, so you can use those accounts in the event of a failure to the remote auth server. 
&nbsp;  
&nbsp; I think there is an existing request for enhancement asking to support remote and local admin auth.  If this is something you'd find useful, you could open a case with F5 Support. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Remote Authentication - Tacacs+ server unavailable - fallback local?

1 Reply

F5 Academy at AppWorld 2026

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

f5 client certificate forwarding

SSL Orchestrator and Layer 2 Service Integration

Ansible - Upload Certificates requires Administrator Role?

Adding metadata to certificates objects

F5 XC HTTP 404 rout_not_found / rsp_code 404

Related Content

Transparent Kerberos Authentication and APM fallback authentication

APM Kerberos Auth or fallback to another authentication method

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Creating local users when using Remote Authentication and unavailable login

iControl REST Authentication Token Management

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS