Fallback Password problems (3550 &2950)

Unanswered Question
Apr 12th, 2002
User Badges:

I realy belive I've missed something. When the 3500 &2950 switches loose conection to the tacacs+server I cannot get access. The switch is'nt giving me the option to use the fallback. The following is a selection og the configs.


logging buffered 10000 debugging

no logging console

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login no_tacacs enable

aaa authentication ppp default group tacacs+

aaa authorization exec default group tacacs+

aaa authorization network default group tacacs+

aaa accounting exec default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+


and at the vty line -


line vty 0 4

password whatever

line vty 5 15

password whatever1


What am I missing ? Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Erick Bergquist Sun, 04/14/2002 - 19:21
User Badges:
  • Silver, 250 points or more

You need to add a 'local' to end of aaa commands. You'll also need a username configured for each user.


username x password y


aaa new-model

aaa authentication login default group tacacs+ local


OR you can make the vty lines authenticate locally only:


aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login NO_AUTH none

!

line vty 0 4

login authentication NO_AUTH


Actions

This Discussion