If I have my con, aux and vty lines configured with password and "login" before, once I add tacacs to the router, the word "login" disappeared from the config under the con,aux and vty lines.
From the command lookup tool, it says login cannot be used with tacacs and it suggests "login authentication default" command instead.
My question is, after I added tacacs and my "login" disappeared, if I didn't add "login authentication default", what will happen? My tacacs comes from the WAN interface, so if my WAN interface goes down, and if I don't have the "login authentication default" under the lines and the passwords were set, what will happen? Will I still be able to login to the router such as going thru modem via aux port? Will I get prompted for entering password? or will I get lockout and won't be able to get in the router altogether?
thanks for your help.
I am glad that you appreciate my explanations. I like to do them and I really enjoy it when others appreciate them and find them useful.
Here are my responses to your points:
1) yes it is already activated. No you do not need to add it if you are accepting the default. Yes all three (console, aux, vty) will operate with the default if you do not configure login authentication ... under those three lines.
2) This is a bit subtle. Cisco has a long history of allowing you to configure things that are the default. Why does it allow you to configure "speed auto" and "duplex auto" on FastEthernet interfaces, or why does it allow you to configure "keepalive 10" on serial interfaces, or why does it allow you to configure "ip routing" on a router? Essentially it allows you to configure the default so that you can restore the default if you have changed it and want to go back. So if you had configured login authentication console and then decided it was not useful and you want to go back then you can configure login authentication default.
3) Yes if you want to have a different login method then it takes 2 commands to do that. One is the login authentication command under the line and the second is to define the aaa authentication login
So I think that you pretty well get it.