Tacacs and authentication on Cisco routers

Tags: ACS, Authentication, Cisco Routers, Radius, Telnet
We have an ACS 3.X server for TACACS+ and RADIUS authentication on our LAN switches. Right now I am able to log in through TACACS+ only. I want to enable TACACS+ as well as local telnet login. This will help me to log in to the switches if TACACS+ fails.



Software/Hardware used:
cisco routers and switches cisco acs

Answer Wiki


It should be as simple as adding the word “local” to the end of your “aaa authentication” statement in your router. “local” is a method for authentication that uses local accounts. Your first method would be “group tacacs+”

aaa authentication login {default | list-name} { method1 [method2…]}

See the following link for more information:
http://www.cisco.com/en/US/customer/docs/ios/security/command/reference/sec_a1.html#wp1088074

Note this is from IOS 12.4 Mainline command reference guide. Earlier versions have slightly different syntax.

Hope this helps!

Discuss This Question: 1  Reply

 
  • Ekansh
    Thanks, but when I remove the entry for my switch from the ACS server, I am not able to log in with the local username and password. Please find my switch configuration below:

    aaa new-model
    aaa authentication login default group tacacs+ local
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ none
    aaa authorization commands 15 default group tacacs+ local
    enable secret 5 xyz
    enable password xyz
    !
    username nitin password 7 nitin
    tacacs-server host 192.168.7.20
    tacacs-server host 192.168.7.21
    tacacs-server key xyz
    line vty 0 4
     transport input telnet
     login default
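Added example, not part of the original thread and not Cisco code: a small Python model of how IOS walks the method list in "aaa authentication login default group tacacs+ local". IOS consults the next method only when the previous one gives no response (modelled here as ERROR); a rejection (FAIL) is final, so "local" is never reached while a TACACS+ server is answering with a reject. The sample config is constructed from the one posted above; the function names and the PASS/FAIL/ERROR outcome labels are assumptions of this sketch.

```python
import re

# Constructed sample, modelled on the configuration posted in the reply above.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
username nitin password 7 nitin
tacacs-server host 192.168.7.20
line vty 0 4
 transport input telnet
"""

PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"


def parse_login_lists(config):
    """Return {list_name: [methods]} from 'aaa authentication login' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+) (.+)", line)
        if not m:
            continue
        tokens, methods = m.group(2).split(), []
        while tokens:
            tok = tokens.pop(0)
            # 'group tacacs+' and 'group radius' are two-word methods
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        lists[m.group(1)] = methods
    return lists


def authenticate(methods, outcomes):
    """Walk a method list; outcomes maps method -> PASS / FAIL / ERROR.

    ERROR means the method gave no response. Only ERROR moves on to the
    next method; PASS or FAIL is final. Returns (result, methods_consulted).
    """
    consulted = []
    for method in methods:
        consulted.append(method)
        result = outcomes.get(method, ERROR)
        if result != ERROR:
            return result, consulted
    return FAIL, consulted  # every method errored: access is denied


if __name__ == "__main__":
    methods = parse_login_lists(SAMPLE_CONFIG)["default"]
    print(authenticate(methods, {"group tacacs+": ERROR, "local": PASS}))
    print(authenticate(methods, {"group tacacs+": FAIL, "local": PASS}))
```

The first call models unreachable TACACS+ servers and ends at the local account; the second models a server that answers with a reject, where the local account is never consulted.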
