08-11-2003 01:32 PM - edited 03-10-2019 07:26 AM
I have AAA pointing to ACS 3.1 and it works fine. In case it's ever down, I want to use the line and enable passwords as a backup. I think I have it working properly, but if someone else is using this method, can you confirm I have this right:
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
The authorization with "if-authenticated" is the only way I can figure out how to allow exec privileges if I have to use the line and enable passwords. Otherwise it gives me an authorization failed error after trying to authenticate.
08-12-2003 09:20 PM
This looks fine. Instead of "if-authenticated" you could use "none" so that there'll be no authorization done if the TACACS server is not available; either one will work for you.
08-13-2003 09:55 AM
That will work. Thanks for the response.
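The check discussed in this thread, as an added Python example that is not part of the original posts: it parses the `aaa authentication` and `aaa authorization` method lists and reports any list that has no method the device can answer on its own when TACACS+ is unreachable. The function and constant names are assumptions of this example; `POSTED` is the configuration from the first post and `NO_FALLBACK` is a constructed variant.

```python
import re

# Methods answered by the device itself, so they still work when no AAA server responds.
# IOS tries the next method in a list only when the previous one errors out (no reply),
# not when the server explicitly rejects the user.
SERVERLESS = {"local", "local-case", "line", "enable", "none", "if-authenticated"}

AAA_LINE = re.compile(
    r"^aaa\s+(authentication|authorization)\s+(\S+)\s+(?:(\d+)\s+)?(\S+)\s+(.+)$")

def parse_method_lists(config):
    """Map (service, type, list name) -> ordered methods, e.g. ['group tacacs+', 'line']."""
    lists = {}
    for raw in config.splitlines():
        m = AAA_LINE.match(raw.strip())
        if not m:
            continue  # 'aaa new-model', accounting lines, anything that is not a method list
        service, kind, level, name, rest = m.groups()
        tokens, methods = rest.split(), []
        while tokens:
            tok = tokens.pop(0)
            # 'group <name>' is a single method made of two tokens
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        lists[(service, f"{kind} {level}" if level else kind, name)] = methods
    return lists

def audit_fallback(config):
    """Return one finding per method list that depends entirely on AAA servers."""
    findings = []
    for (service, kind, name), methods in parse_method_lists(config).items():
        if not SERVERLESS.intersection(methods):
            findings.append(f"{service} {kind} {name}: no server-independent method "
                            f"after {', '.join(methods)}")
    return findings

# Configuration as posted in the thread.
POSTED = """aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+"""

# Constructed variant: same lists, but exec authorization has no fallback method.
NO_FALLBACK = POSTED.replace(" if-authenticated", "")

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("no fallback", NO_FALLBACK)):
        print(label, audit_fallback(cfg) or "OK")
```

The `NO_FALLBACK` finding corresponds to the "authorization failed" error described in the first post: login falls back to the line password, but exec authorization still has only the unreachable server to ask.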