If the following configuration is applied, what will the effect be?
username operation priv 7 password cisco
enable secret [email protected]
aaa authentication login TEST group tacacs+ local
(The TACACS+ server is down, so the local user database will be used.)
line console 0
password [email protected]
login authentication TEST
line vty 0 4
password [email protected].
Case 1: vty access: as there is no list or default configured, telnet access will be denied. Or it will still ask for the AAA authentication username/password. Am I correct?
Case 2: If connected to the console port, will the console password be asked first, or will the username/password be asked directly?
Please share your experience.
Thanks in advance. Sorry, I can't try it on production devices. :(
1) Since there is no authentication list specified on the vty ports, they will use the default authentication. With aaa new-model the default for vty is local authentication. So the router should prompt for ID and password - and if you give the ID and password as configured then you should successfully access the vty.
2) Since there is an authentication list specified for the console, the router will use the methods in the list when you access the console port. If the TACACS server is available then the router will authenticate using the server. If the server is not available then the router will authenticate with the local user ID and password. The router will not authenticate using the console password.
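
The resolution logic described in the answer, as an added Python model (not part of the original thread and not Cisco code). It also shows the standard IOS method-list behaviour that the next method is tried only when the server is unreachable, not when it rejects the login; the TACACS+ account table and the `netadmin` user are constructed for the illustration.

```python
# Simplified model of IOS login method-list resolution (added illustration).
LOCAL_USERS = {"operation": "cisco"}   # username operation priv 7 password cisco
METHOD_LISTS = {"TEST": ["group tacacs+", "local"]}  # aaa authentication login TEST ...
LINE_LISTS = {"console 0": "TEST", "vty 0 4": None}  # None: no list applied to the line
IMPLICIT_DEFAULT = ["local"]  # per the answer: with aaa new-model, vty uses local


class ServerUnreachable(Exception):
    """Raised when the TACACS+ server gives no response."""


def tacacs_check(user, password, server):
    # server is None when TACACS+ is down; otherwise a constructed account table.
    if server is None:
        raise ServerUnreachable
    return server.get(user) == password


def methods_for(line):
    """Return the ordered authentication methods that apply to a line."""
    name = LINE_LISTS[line]
    if name is not None:
        return METHOD_LISTS[name]
    return METHOD_LISTS.get("default", IMPLICIT_DEFAULT)


def login(line, user, password, server=None):
    """Return (accepted, method_used). The line password is never consulted."""
    for method in methods_for(line):
        if method == "group tacacs+":
            try:
                return tacacs_check(user, password, server), method
            except ServerUnreachable:
                continue  # only an unreachable server moves to the next method
        elif method == "local":
            return LOCAL_USERS.get(user) == password, method
    return False, None


if __name__ == "__main__":
    print(login("vty 0 4", "operation", "cisco"))        # vty, no list applied
    print(login("console 0", "operation", "cisco"))      # console, TACACS+ down
    print(login("console 0", "operation", "cisco", server={"netadmin": "s3"}))
```
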