AAA authentication command

Unanswered Question
Jul 22nd, 2009

Hi,

If we have the following aaa authentication command on a router:

aaa new-model

aaa authentication enable default group tacacs+


What will be the result?

What does the keyword default indicate? (If it's a list name, we can apply this list to vty lines. Here only one parameter for enable authentication is configured, and that is the tacacs+ server; if the tacacs+ server is down or not reachable, what will happen? Please correct me if I am wrong.)

Please share your experience.

Thanks in advance.

subodh

Lucien Avramov Wed, 07/22/2009 - 21:25

Detailed explanation:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168


aaa authentication enable default group tacacs+ none: that will prevent you from getting locked out if the password used is wrong.


If the tacacs fails, meaning it is not reachable, then it should fall back to local even without the none keyword at the end.
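
An added example (not part of the original thread, and not Cisco code): a small Python model of the method-list rule documented in the linked command reference, where an additional method is tried only when the previous one returns an error, not when it rejects the password, and `none` as the final method lets authentication succeed when every earlier method errors. All names are hypothetical, and the model assumes an enable secret is configured for the `enable` method.

```python
# Added example: a model of method-list evaluation, not Cisco code.
# Names (Outcome, State, run_method, evaluate) are hypothetical.
from dataclasses import dataclass
from enum import Enum


class Outcome(Enum):
    PASS = "pass"    # method answered and accepted the password
    FAIL = "fail"    # method answered and rejected the password
    ERROR = "error"  # method could not answer (e.g. server unreachable)


@dataclass
class State:
    tacacs_reachable: bool
    tacacs_accepts: bool         # would TACACS+ accept the typed password?
    enable_secret_matches: bool  # does it match the local enable secret?


def run_method(method: str, s: State) -> Outcome:
    if method == "group tacacs+":
        if not s.tacacs_reachable:
            return Outcome.ERROR
        return Outcome.PASS if s.tacacs_accepts else Outcome.FAIL
    if method == "enable":  # assumption: an enable secret is configured
        return Outcome.PASS if s.enable_secret_matches else Outcome.FAIL
    if method == "none":    # always succeeds, with no password check at all
        return Outcome.PASS
    raise ValueError(f"unmodelled method: {method}")


def evaluate(methods: list[str], s: State) -> tuple[bool, str]:
    """Return (access granted, method that decided)."""
    for method in methods:
        outcome = run_method(method, s)
        if outcome is Outcome.ERROR:
            continue  # only an error moves on to the next method
        return outcome is Outcome.PASS, method  # PASS or FAIL is final
    return False, "all methods errored"


# Constructed scenarios: server down vs. server up with a wrong password.
SERVER_DOWN = State(False, False, enable_secret_matches=True)
WRONG_PASSWORD = State(True, False, enable_secret_matches=True)

if __name__ == "__main__":
    for tail in ([], ["enable"], ["none"]):
        methods = ["group tacacs+"] + tail
        print(methods, evaluate(methods, SERVER_DOWN), evaluate(methods, WRONG_PASSWORD))
```

In this model, `none` as the last method means a TACACS+ outage grants enable access with no password check, while a wrong password against a reachable server is still rejected.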




