09-04-2009 05:28 PM - edited 03-10-2019 04:40 PM
Hey all,
I am a little confused.
I have the following commands on my device:
username blah privilege 15 secret 5 blah!@#$%%
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
Everything works fine.
However, when I bring down the TACACS server I am able to log in to the device with the local username, but it fails when I enter the enable command. How can I have access in case of an emergency where TACACS fails? I have researched online and have tried multiple commands. Is there anything I am missing? I do have an enable secret password configured as well, but I don't even get a chance to enter it. When entering "en" at the > prompt:
% Authentication failed.
Thanks in advance for your help.
My testing has led to frustration.
:)
09-05-2009 05:21 AM
Hi Geo,
First, please give the fallback method for command 0.
aaa authorization commands 0 default group tacacs+
Add local:
aaa authorization commands 0 default group tacacs+ local
Make sure you are putting in the right enable password; try to reset it and give it a shot.
If the issue is still there, then get the output of debug tacacs and debug aaa authentication.
Regards,
~JG
Do rate helpful posts
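An added example, not part of the original thread or any Cisco tooling: a small audit that scans an IOS configuration for AAA authentication and authorization method lists that name only server groups, which is the gap pointed out in the reply above. The function names are hypothetical, and the script assumes that only `group <name>` methods depend on a remote server.

```python
# Added example: audit IOS AAA method lists for a missing non-server fallback.
# Assumption: only "group <name>" methods depend on a remote AAA server; any
# other keyword (local, enable, line, none, if-authenticated) counts as fallback.

SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""  # lines taken from the question in this thread


def split_methods(tokens):
    """Split a method list into (server_groups, fallbacks)."""
    servers, fallbacks = [], []
    it = iter(tokens)
    for tok in it:
        if tok == "group":
            servers.append(next(it, "?"))  # the group name follows the keyword
        else:
            fallbacks.append(tok)
    return servers, fallbacks


def find_lockout_risks(config):
    """Return AAA lines that rely on server groups with no fallback method."""
    risky = []
    for raw in config.splitlines():
        tokens = raw.split()
        if tokens[:2] not in (["aaa", "authentication"], ["aaa", "authorization"]):
            continue  # accounting and unrelated lines are not checked here
        rest = tokens[2:]
        # "commands <level> <list> ..." has one more field than "login <list> ..."
        skip = 3 if rest[:1] == ["commands"] else 2
        methods = rest[skip:]
        if not methods:
            continue  # e.g. "aaa authorization config-commands" has no method list
        servers, fallbacks = split_methods(methods)
        if servers and not fallbacks:
            risky.append(" ".join(tokens))
    return risky


if __name__ == "__main__":
    for line in find_lockout_risks(SAMPLE_CONFIG):
        print("no fallback if servers are unreachable:", line)
```
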
09-06-2009 12:59 PM
Thanks JG.
I completely overlooked that.
Thanks for pointing out.
I will give it a try and post results!
09-07-2009 07:11 AM
Also, please make sure that in ACS, the enable privilege for that user is set to 15.
Let me know how that goes.
Regards,
~JG
Do rate helpful posts
09-08-2009 04:36 AM
That did the trick!
:)
Thanks for your help.
All is working as it should be.