×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Default password is working with Tacacs+ switch

Unanswered Question
Oct 13th, 2013
User Badges:

Hello all,


i`ve been facing some issues lately.

we use tacacs+ for our switches to authenticate and authorize. But we noticed that no matter username is, when we type password "cisco" we can log in to switch.

Anyone faced this issue before or know why it is like this?


login as: cisco

Using keyboard-interactive authentication.

password:

Using keyboard-interactive authentication.

Password:



************************* WARNING MESSAGE *************************

* USE OF THIS SYSTEM IS RESTRICTED TO AUTHORISED USERS ONLY.      *

* UNAUTHORISED ACCESS OR USE IS PROHIBITED. YOU MUST HAVE         *

* EXPLICIT PERMISSION TO ACCESS THIS DEVICE. YOUR ACTIONS ON THIS *

* SYSTEM IS LOGGED AND VIOLATORS WILL BE PROSECUTED.              *

*                      AUTHORISED USE ONLY                        *

************************* WARNING MESSAGE *************************



switch1>

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cadet alain Mon, 10/14/2013 - 00:33
User Badges:
  • Purple, 4500 points or more

Hi,


Can you post your config.


Regards


Alain



Don't forget to rate helpful posts.

telmuun erdenebaatar Mon, 10/14/2013 - 04:22
User Badges:

Hello,


Below is my configuration for log in:

aaa authentication login VTY-LOGIN group TACACS local-case enable

aaa authentication login CONSOLE group TACACS local-case none

aaa authentication enable default group TACACS enable line none

aaa authorization exec EXEC-AUTH group TACACS if-authenticated local none

aaa authorization commands 1 COMMANDS-1-AUTH group TACACS if-authenticated local none

aaa authorization commands 15 COMMANDS-15-AUTH group TACACS if-authenticated local none

aaa accounting exec EXEC-ACCOUNTING start-stop group TACACS

aaa accounting commands 1 COMMANDS-1-ACCT start-stop group TACACS

aaa accounting commands 15 COMMANDS-15-ACCT start-stop group TACACS

cadet alain Mon, 10/14/2013 - 05:04
User Badges:
  • Purple, 4500 points or more

Hi,


Can you perform debug aaa authentication while login and post output here.


Regards


Alain



Don't forget to rate helpful posts.

Richard Burts Mon, 10/14/2013 - 05:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

I believe that the output of show tacacs might be helpful.


HTH


Rick

cadet alain Mon, 10/14/2013 - 05:51
User Badges:
  • Purple, 4500 points or more

Hi,

yes indeed you're right Richards and this was going to be my next request  after viewing the debug output.


Regards


Alain



Don't forget to rate helpful posts.

Actions

This Discussion

Related Content