https://community.extremenetworks.com/t5/extremeswitching-exos-switch/login-fallback-to-local-user-even-tacacs-configured/m-p/95086#M21799 <P>Hello!<BR /><BR />Generally this issue is due to the TACACS+ server not replying with a 'fail' or 'accept' message. It is probably sending something else in response leading the switch to think that the server is not working, therefore, it falls back to local authentication.</P><P>&nbsp;</P><P>These articles may be helpful:<BR /><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000093509" target="_blank">https://extremeportal.force.com/ExtrArticleDetail?an=000093509</A></P><P><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000082285" target="_blank">https://extremeportal.force.com/ExtrArticleDetail?an=000082285</A><BR /><BR />You may also need to collect a PCAP of the TACACS+ exchange, decode it via wireshark, and see what the TACACS server is replying with. If it is not a 'Fail' or 'Accept', that would be the issue.</P><P>&nbsp;</P><P>Hope that helps!</P> Fri, 10 Mar 2023 15:49:48 GMT Gabriel_G 2023-03-10T15:49:48Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/login-fallback-to-local-user-even-tacacs-configured/m-p/95078#M21798 <P>We configured TACACS over Extreme Switch but you can also log in with a local account.</P><P>My Configuration is&nbsp;</P><P>configure tacacs primary server 172.16.11.52 49 client-ip 172.16.0.10 vr VR-Default<BR />configure tacacs primary shared-secret encrypted "#$H4H5oLIn4H+TRgtYrxiHVtFwGtljZw=="<BR />configure tacacs-accounting primary server 172.16.11.52 49 client-ip 172.16.0.10 vr VR-Default<BR />configure tacacs-accounting primary shared-secret encrypted "#$hp08PEW0oz0kZBjQaP0bHYqBdCcqSg=="<BR />enable tacacs<BR />configure tacacs timeout 60<BR />enable tacacs-accounting<BR />enable tacacs-authorization<BR />configure tacacs fallback disallow<BR />configure tacacs priv-lvl required<BR />create account admin cisco encrypted "$5$sRVgQN$aL8UAzkEwMLmGPy82v1On6QLuvBeKdjVQGCRsUmcjq3"</P><P>&nbsp;</P> Fri, 10 Mar 2023 09:29:18 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/login-fallback-to-local-user-even-tacacs-configured/m-p/95078#M21798 pgimer 2023-03-10T09:29:18Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/login-fallback-to-local-user-even-tacacs-configured/m-p/95086#M21799 <P>Hello!<BR /><BR />Generally this issue is due to the TACACS+ server not replying with a 'fail' or 'accept' message. It is probably sending something else in response leading the switch to think that the server is not working, therefore, it falls back to local authentication.</P><P>&nbsp;</P><P>These articles may be helpful:<BR /><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000093509" target="_blank">https://extremeportal.force.com/ExtrArticleDetail?an=000093509</A></P><P><A href="https://extremeportal.force.com/ExtrArticleDetail?an=000082285" target="_blank">https://extremeportal.force.com/ExtrArticleDetail?an=000082285</A><BR /><BR />You may also need to collect a PCAP of the TACACS+ exchange, decode it via wireshark, and see what the TACACS server is replying with. If it is not a 'Fail' or 'Accept', that would be the issue.</P><P>&nbsp;</P><P>Hope that helps!</P> Fri, 10 Mar 2023 15:49:48 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/login-fallback-to-local-user-even-tacacs-configured/m-p/95086#M21799 Gabriel_G 2023-03-10T15:49:48Z