The documentation library has moved to: level.lantronix.com/docs
This document is moving to: level.lantronix.com/docs/knowledge-base/security
Proper configuration of a Cisco router will allow it to fail over to local authentication if the connection to TACACS fails. However, a situation can occur where the connection fails after the user is successfully authenticated. This may prevent the user (e.g. the Uplogix Local Manager) from performing basic commands such as logout.
To account for this situation, modify the aaa statements in the config of your Cisco router.
aaa authentication login default group tacacs+ local aaa authorization console aaa authorization exec default local group tacacs+ aaa authorization commands 0 default local group tacacs+ if-authenticated aaa authorization commands 1 default local group tacacs+ aaa authorization commands 15 default local group tacacs+
Adding the argument if-authenticated will allow a user to execute level 0 commands even if the connection to TACACS is lost after authentication. This will allow the Local Manager to log out of the Cisco router so that local authentication can be used.
The if-authenticated argument can be added to the other command levels if desired.