
AAA configuration on switches 2960

carolinac
Level 1

Hi

I have introduced the following AAA configuration in the 2950 series switches and it works very well,

but when I do the same in the 2960 switches, the local password does not work and it is obligatory to add the switch to the ACS in order to manage the switch.

Is some additional AAA configuration needed in the 2960 switches?

Thanks.

tacacs-server host y.y.y.y

tacacs-server key xxxxx

aaa new-model

aaa authentication login acceso-consola group tacacs+ line

aaa authentication login acceso-telnet group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

!

line con 0

exec-timeout 0 0

login authentication acceso-consola

line vty 0 4

login authentication acceso-telnet

16 Replies

Hi,

You mentioned in a previous post that if you add it to the ACS you can log in fine.

I might have missed your answer in your previous post but can you:

1. Log in and see if you've set up a local username and password in the switch (you'll need to add the switch to ACS).

2. You get no prompt from console or telnet?

These 2 lines below note that if TACACS fails (and only if the switch cannot communicate with ACS), it will default to using ONLY the password configured on the CON 0 or VTY lines.

If you have a local username and password configured and you substituted LOCAL for LINE in your config, then you would use that username and password IF the ACS failed.

*********************************************

aaa authentication login acceso-consola group tacacs+ line

aaa authentication login acceso-telnet group tacacs+ line

*********************************************

You might already know the stuff I mentioned but I need to address it just in case you aren't familiar with it.

Craig
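
The fallback behaviour described in the reply above can be checked offline against a saved configuration. This Python audit is an added example, not part of the original thread or of any Cisco tool; the function name audit_aaa and the sample configuration (the question's method lists plus constructed line settings) are assumptions.

```python
import re

# Constructed sample: the method lists from the question, with made-up line
# settings (console has a line password, the vty lines and enable do not).
SAMPLE_CONFIG = """
aaa new-model
aaa authentication login acceso-consola group tacacs+ line
aaa authentication login acceso-telnet group tacacs+ line
aaa authentication enable default group tacacs+ enable
line con 0
 password EXAMPLE-ONLY
 login authentication acceso-consola
line vty 0 4
 login authentication acceso-telnet
"""

def audit_aaa(config: str) -> list[str]:
    """Flag AAA method lists whose fallback method has nothing to check against."""
    lists, lines = {}, {}   # (kind, name) -> methods; line header -> settings
    has_user = has_enable = False
    current = None          # line block being read (sub-commands may be unindented)
    for text in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"aaa authentication (login|enable) (\S+) (.+)", text):
            lists[(m[1], m[2])] = m[3].replace("group ", "group:").split()
        elif re.match(r"line (con|vty|aux)\b", text):
            current = lines.setdefault(text, {"password": False, "list": "default"})
        elif text.startswith("username "):
            has_user = True
        elif re.match(r"enable (secret|password) ", text):
            has_enable = True
        elif current is not None and text.startswith("password "):
            current["password"] = True
        elif current is not None and (m := re.match(r"login authentication (\S+)", text)):
            current["list"] = m[1]
    findings = []
    for header, cfg in lines.items():
        methods = lists.get(("login", cfg["list"]), [])
        if "line" in methods and not cfg["password"]:
            findings.append(f"{header}: '{cfg['list']}' falls back to line, no line password")
        if "local" in methods and not has_user:
            findings.append(f"{header}: '{cfg['list']}' falls back to local, no username")
    if "enable" in lists.get(("enable", "default"), []) and not has_enable:
        findings.append("enable default falls back to enable, no enable secret/password")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_aaa(SAMPLE_CONFIG)) or "no findings")
```
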

Hi,

I know you mentioned that you used the same config on your 2950's and your 2960's but is it possible to post the config from the same 2950 that you just did the debug on?

Thanks,

Craig
