Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

AAA authentication problem

I've setup my AAA config as follows "aaa authentication login default group tacacs+ enable". When I test config with SSH (ACS turned off)to the router I cannot login using the enable password. The same does not work when trying to connect with Con0. How can I correct this problem. Forum help is much appreciated, thanks all.

2 REPLIES
Gold

Re: AAA authentication problem

You have authorization only with tacacs+, can you try following command

aaa authorization exec default group tacacs+ none

M.

Hall of Fame Super Silver

Re: AAA authentication problem

I agree that the configuration of aaa authentication login looks ok (I would probably use line as the alternative method instead of enable - but it should work with either) and that the issue is the configuration of authorization:

aaa authorization exec default group tacacs+

this provides no alternative method. And I suspect that if you look carefully at the error message when you attempt to login without TACACS the error is actually about authorization rather than about authentication. The suggestion of:

aaa authorization exec default group tacacs+ none

should be ok. I have used this way with success:

aaa authorization exec default group tacacs+ if-authenticated

HTH

Rick

244
Views
4
Helpful
2
Replies