default password for when the server is unreachable

Answered Question
Feb 4th, 2008
User Badges:

Hi I have recently configured AAA. when the server is running everything is fine but when the server is unreachable i'm locked out. How can I put a default username and password on for when the server is unreachable


Thanks

Correct Answer by Richard Burts about 9 years 4 months ago

James


There are several ways to configure AAA so that you are not locked out if the server is not available. You can use a locally configured user name, as you suggest here, or you can use the configured line passwords.


To use a locally configured user your configuration might look something like this:

user rick password cisco

aaa authentication login default group tacacs+ local


Or to use the line passwords as a backup your config might look something like this:

aaa authentication login default group tacacs+ line


You also probably need a backup for access to privilege mode. This is usually done using the locally configured enable secret. To do this the configuration might look something like this:

aaa authentication enable default group tacacs+ enable


HTH


Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Richard Burts Mon, 02/04/2008 - 04:41
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

James


There are several ways to configure AAA so that you are not locked out if the server is not available. You can use a locally configured user name, as you suggest here, or you can use the configured line passwords.


To use a locally configured user your configuration might look something like this:

user rick password cisco

aaa authentication login default group tacacs+ local


Or to use the line passwords as a backup your config might look something like this:

aaa authentication login default group tacacs+ line


You also probably need a backup for access to privilege mode. This is usually done using the locally configured enable secret. To do this the configuration might look something like this:

aaa authentication enable default group tacacs+ enable


HTH


Rick

Actions

This Discussion