I am looking for help on what happens with the below example if the TACACS server fails and you try to console into the device. I am assuming that the next order would be "aaa authentication login line-only line" but I'm not understanding what the "line-only" means. I can't find that reference in any of the docs.
aaa authentication login default group tacacs+ enable
aaa authentication login line-only line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
You have two AAA groups setup; default and line-only. Depending on which one you apply to the console will determine how you authenticate. If you choose default, it will try TACACS first then fail to the enable password. If you use line-only, you will use the password assigned under the console configuration.
If there is no AAA group assigned, it will not use a password to enter user mode, it will just let you in. To enter privilege mode, you will have to enter the enable password. It's a good practice to configure AAA and use local authentication as a minimum. That way console connections must enter a username and password to gain access.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...