[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 802
  • Last Modified:

Secondary Authentication on ASA 5520


I would like to know if we could get RADIUS authentication on SSH into the ASA 5520 to failover to local user accounts if the RADIUS server rejects the user request or it i snot available. We need to do this so that configurations can be automatically backed up and checked every day for changes using our SolarWinds console.

I seem to recall that we can configure each type of access, e.g. console, ssh, telnet for one type of authentication without failover.

Any help would be greatly appreciated!
1 Solution
Yes, you can select to use LOCAL if the authentication server cannot be reached.
In the ASDM, Device Management | Users/AAA | AAA Access
Authentication tab.
Select SSH and server group for Radius and check the box "use local when server group fails"
Or from command line:
  aaa authentication ssh console <radius grou> LOCAL

Note: it works best if your LOCAL username/password is the same as on the domain

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now