09-04-2009 05:28 PM - edited 03-10-2019 04:40 PM
Hey all,
I am a little confused.
I have the following commands on my device:
username blah privilege 15 secret 5 blah!@#$%%
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default stop-only group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
Everything works fine.
However, when I bring down the TACACS server I am able to log in to the device with the local username, but it fails when I enter the enable command. How can I have access in case of an emergency where TACACS fails? I have researched online and have tried multiple commands. Is there anything I am missing? I do have an enable secret password configured as well, but I don't even get a chance to enter it. When entering "en" at the > prompt:
% Authentication failed.
Thanks in advance for your help.
My testing has led to frustration.
:)
09-05-2009 05:21 AM
Hi Geo,
First, please give the fallback method for command 0.
aaa authorization commands 0 default group tacacs+
add local
aaa authorization commands 0 default group tacacs+ local
Make sure you are putting in the right enable password; try to reset it and give it a shot.
If the issue is still there, then get the output of debug tacacs and debug aaa authentication.
Regards,
~JG
Do rate helpful posts
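An added example, not part of the original thread and not Cisco tooling: a Python check that scans IOS configuration text for authentication and authorization method lists that name only server groups, the condition pointed out above for commands 0. The sample config is constructed from the lines in the first post, and the function names are illustrative.

```python
import re

# Constructed sample: AAA lines taken from the first post in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 0 default group tacacs+
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""

# Matches only lines that carry a method list; accounting lines and
# "aaa authorization config-commands" are intentionally not matched.
METHOD_LIST = re.compile(
    r"^aaa (authentication|authorization) "
    r"(login|enable|exec|commands \d+) (\S+) (.+)$"
)

def parse_methods(tokens):
    """Collapse 'group <name>' pairs into single method entries."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def lists_without_fallback(config):
    """Return (service, list_name, methods) for server-only method lists."""
    findings = []
    for line in config.splitlines():
        m = METHOD_LIST.match(line.strip())
        if not m:
            continue
        service = f"{m.group(1)} {m.group(2)}"
        methods = parse_methods(m.group(4).split())
        # Every method is a server group: nothing left to try if servers are down.
        if methods and all(x.startswith("group ") for x in methods):
            findings.append((service, m.group(3), methods))
    return findings

if __name__ == "__main__":
    for service, name, methods in lists_without_fallback(SAMPLE_CONFIG):
        print(f"no fallback: aaa {service} {name} {' '.join(methods)}")
```

Run against a saved copy of the running configuration before maintenance on the TACACS servers; an empty result means every matched method list has at least one non-server method.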
09-06-2009 12:59 PM
Thanks JG.
I completely overlooked that.
Thanks for pointing out.
I will give it a try and post results!
09-07-2009 07:11 AM
Also, please make sure that in ACS, the enable privilege for that user is set to 15.
Let me know how that goes.
Regards,
~JG
Do rate helpful posts
09-08-2009 04:36 AM
That did the trick!
:)
Thanks for your help.
All is working as it should be.