set system aaa local-auth-fallback disable

The set system aaa local-auth-fallback disable command is used to enable or disable the local authentication fallback function.

Command Syntax

set system aaa local-auth-fallback disable <true | false>

Parameter

Parameter

Description

disable <true | false>

Enable or disable the local authentication fallback function. The value could be true or false.

true: disables the local authentication fallback function.
false: enables the local authentication fallback function.

By default, the local authentication fallback function is disabled.

Usage Guidelines

For management port or in-band interface login, if the TACACS+/RADIUS server is unreachable or the TACACS+/RADIUS service is not available, the system determines whether to perform local authentication based on the configuration of local authentication fallback function,

If the local authentication fallback function is enabled, then user will fallback to local authentication.

If the local authentication fallback function is disabled, then the system generates a syslog message and user is denied access to local authentication.

NOTE:

The local authentication fallback function is only applied to management port or in-band login interface in situations where the TACACS+/RADIUS server is unreachable or the TACACS+/RADIUS service is not available.
The set system aaa local-auth-fallback disable <true | false> command does not applied to console login. For console login, if the TACACS+/RADIUS server is unreachable or the TACACS+/RADIUS service is not available, the system generates a syslog and uses local user/passwd file for authentication. After successful login, local authorization will be performed.

Example

Enable local authentication fallback function.

admin@Xorplus# set system aaa local-auth-fallback disable false
admin@Xorplus# commit