Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

% Backup authentication

Hi,

I have configured accaunting with Tacacs on a 3560 as:

- aaa authentication login default group tacacs+ local none

everything works fine but when I let the tacacs go off-line (ip route to null0) I can still telnet in the 3560 using username and passwords defined on the tacacs server, an it promps me "% Backup authentication", is it correct? I would expect not to be possible to use the same credentials but it should allow the local user database

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: % Backup authentication

Try removing "none", command should look like,

aaa authentication login default group tacacs+ local

- At this moment, I think this is happening,

-- Tacacs+ services not available, go for next method,

-- Local account (the username/password combination that you used does not exist on the local database), go for next method,

-- none (you are in)

Regards,

Prem

Please rate if it helps!

1 REPLY

Re: % Backup authentication

Try removing "none", command should look like,

aaa authentication login default group tacacs+ local

- At this moment, I think this is happening,

-- Tacacs+ services not available, go for next method,

-- Local account (the username/password combination that you used does not exist on the local database), go for next method,

-- none (you are in)

Regards,

Prem

Please rate if it helps!

1002
Views
0
Helpful
1
Replies
CreatePlease to create content