I have AAA pointing to ACS 3.1 and it works fine. In case it's ever down, I want to use the line and enable passwords as a backup. I think I have it working properly, but if someone else is using this method, can you confirm I have this right:
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
The authorization with "if-authenticated" is the only way I can figure out how to allow exec privileges if I have to use the line and enable passwords. Otherwise it gives me an authorization failed error after trying to authenticate.
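The fallback behaviour discussed in the post above, as an added example that is not part of the original post or Cisco's code: a simplified Python model of IOS method lists, assuming the standard rule that the next method is tried only when the previous one returns an error (no server answered), not when it rejects the credentials. The function names, the context flags and the AUTHZ_NO_FALLBACK line are hypothetical.

```python
# Simplified model of IOS AAA method lists (added example, not Cisco code).
# A method answers PASS, FAIL or ERROR; the next method is tried only on ERROR.
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"
LOGIN = "aaa authentication login default group tacacs+ line"
AUTHZ = "aaa authorization exec default group tacacs+ if-authenticated"
AUTHZ_NO_FALLBACK = "aaa authorization exec default group tacacs+"  # constructed

def parse_methods(line):
    """Return the ordered method list that follows the 'default' keyword."""
    tokens = line.split()
    tokens = tokens[tokens.index("default") + 1:]
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] in ("start-stop", "stop-only"):  # accounting keyword
            i += 1
        elif tokens[i] == "group":                    # "group <name>" is one method
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def run_method(method, ctx):
    if method.startswith("group "):
        if not ctx["tacacs_up"]:
            return ERROR                  # unreachable server: fall through
        return PASS if ctx["server_accepts"] else FAIL
    if method in ("line", "enable"):
        return PASS if ctx["password_ok"] else FAIL
    if method == "if-authenticated":
        return PASS if ctx["authenticated"] else FAIL
    return ERROR                          # method not modelled here

def evaluate(line, ctx):
    for method in parse_methods(line):
        result = run_method(method, ctx)
        if result != ERROR:               # PASS or FAIL is final
            return result, method
    return FAIL, None                     # every method errored: denied

def session(authz_line, tacacs_up, server_accepts=True, password_ok=True):
    """Login, then exec authorization; returns (outcome, deciding method)."""
    ctx = dict(tacacs_up=tacacs_up, server_accepts=server_accepts,
               password_ok=password_ok, authenticated=False)
    result, method = evaluate(LOGIN, ctx)
    if result != PASS:
        return "login denied", method
    ctx["authenticated"] = True
    result, method = evaluate(authz_line, ctx)
    return ("exec granted" if result == PASS else "authorization failed"), method
```

With the server down, the list without a fallback reproduces the "authorization failed" error, and a reachable server that rejects the login never falls back to the line password.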
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...