I have router that using ACS for its authentication login via telnet (VTY). I put the local as the second method. But whenever the ACS is offline, i can login into the router using any word i type in the username prompt. This is my configuration:
aaa authentication login CMD-LOGIN group tacacs+ local none
username cisco321 secret 5 $1$lfUc$Xnf9.emDl.QFRWt/NSEjU0
line vty 0 15
login authentication CMD-LOGIN
Am i missing something in the configuration? why isn't the router use the local username and password as the second method ?