Cisco devices login using Radius/2FA & Local

I want to access my Cisco devices using 2FA(Radius+LoginTC) as primary login and secondary as Local login, there should be time out between 2FA and Local access, Incase 2FA is down and also is it possible to configure this setup based on interface ( wan or LAN)… if possible, please share sample configuration

Hi Sivakumar,

Here’s an example how to use AAA authentication with local fallback:

You can change the backoff algorithm and deadtime for each server if you want:

R1(config)#aaa new-model                                   
R1(config)#aaa group server radius MY_RADIUS
R1(config-sg-radius)#server auth-port 1812 acct-port 1813

R1(config-sg-radius)#backoff exponential ?
  backoff-retry  Exponential backoff retry number(default is 8)
  max-delay      Max delay between retransmits(default is 3 min)

R1(config-sg-radius)#deadtime ?
  <0-1440>  Dead-time in minutes for this server group

Hope this helps!