cancel
Showing results for 
Search instead for 
Did you mean: 

AAA secondary Authentication

New Contributor

AAA secondary Authentication

We are to configure AAA to our pulse secure box but i was struggling to find a way to configure a secondary authentication if the ACS server fails. Should I create 2 realms - one with AAA authentication and the other with local authentication? Because I did not find any online articles regarding this.

Thanks in advance.
3 REPLIES 3
ruc
Pulser

Re: AAA secondary Authentication

If you want to configure fallback for authentication (in cases where the primary server fails) then is has to be done using the primary/secondary fields within the authentication server instance definition (for example when you configure a radius or LDAP server on PCS device you will see the primary/secondary auth server fields)

However you cannot configure the device such that if Primary auth server fails (example: radius) then fallback to another completely different auth server (example LDAP or local auth)
New Contributor

Re: AAA secondary Authentication

Well thank you. Else i would have wasted a lot of time for this.
It seems we figured out an alternative , by creating another sign in policy that authenticates via aaa, while the default page authenticates via the local database.

Thanks again
ruc
Pulser

Re: AAA secondary Authentication

I'm glad it helped, I'm sure you are aware but I'll mention it incase you missed it. With the setup you mentioned as alternative a potential downside is that end-users may always go the sign-in page that is configured for local database (local auth server) even if the LDAP/Radius or other external Auth server is available.