If I have this:
aaa authentication login default grouptacacs+ local line none
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local none
username localadmin password 7 xxxxxxxxxxxx
enable secret 5 xxxxxxxxxxxxxxxx
And all tacacs+ servers are unreachable.
Authentication will revert to local, so I would need to use a locally defined username of localadmin to access the unit. Correct?
If I can login using the local username, doesn't the authorizaiton exec fail and I cannot get an exec shell as I have no locally defined authorization set up?
If so, how do I set it up so I can login locally (which I think I have setup), but can also get into enable mode if the tacacs+ server(s) are down?
Is exec shell the privlidged mode or just the shell you get when you login and you need to execute a enable command to get to exec shell?