I want to access my Cisco devices using 2FA(Radius+LoginTC) as primary login and secondary as Local login, there should be time out between 2FA and Local access, Incase 2FA is down and also is it possible to configure this setup based on interface ( wan or LAN)… if possible, please share sample configuration
Here’s an example how to use AAA authentication with local fallback:
You can change the backoff algorithm and deadtime for each server if you want:
R1(config)#aaa new-model R1(config)#aaa group server radius MY_RADIUS R1(config-sg-radius)#server 192.168.1.2 auth-port 1812 acct-port 1813 R1(config-sg-radius)#backoff exponential ? backoff-retry Exponential backoff retry number(default is 8) max-delay Max delay between retransmits(default is 3 min) <cr> R1(config-sg-radius)#deadtime ? <0-1440> Dead-time in minutes for this server group
Hope this helps!