Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA authentication command

hi,

If we have following aaa authentication command on router

aaa new-model

aaa authentication enable default group tacacs+

what will be the result?

What does key word default indicates? ( If it's list name we can apply this list to vty lines. Here only one parameter for enable authentication is configured and that is tacacs+ server, if tacacs+ server is down or not reachable what will happen? Please correct if I am wrong.)

Please share the experience.

Thanks in advance.

subodh

1 REPLY

Re: AAA authentication command

Detailed explanation:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168

aaa authentication enable default group tacacs+ none, that will prevent from getting locked out the password used is wrong.

If the tacacs fails, meaning not being reachable then it should fallback to local even without the none keyword at the end.

142
Views
0
Helpful
1
Replies