Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

no access to enable mode

Hi ,

I have a little issue with the tacacs config i'm using on  a 800 router

Cisco IOS Software, C880 Software (C880VOICE-UNIVERSALK9-M), Version 15.1(1)T3, RELEASE SOFTWARE (fc1)

this is my config :

enable secret 5 $1$MIIf$bu0Fy/LyqPkMWiq4oEtGk0

!

aaa new-model

!

!

aaa authentication login default group tacacs+ local-case

aaa authentication enable default group tacacs+ enable

aaa authentication ppp default group tacacs+ local-case

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa authorization network default group tacacs+ local

aaa authorization configuration default group tacacs+

aaa accounting session-duration ntp-adjusted

aaa accounting nested

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

aaa accounting resource default start-stop group tacacs+

!

!

aaa session-id common

username test privilege 15 secret 5 $1$3vP2$mQf09highvScq33jd9ffA.

ip tacacs source-interface Loopback0

!

!

tacacs-server host 10.10.3.10 key DrePE9&9uCRE9a!afRek

tacacs-server directed-request

line con 0

no modem enable

line aux 0

line vty 0 4

transport input all

So, when tacacs is not reachable, router must fallback to the local userdatabase, being the user "test".

I configure a router without any connection, just console,  I can login with username test, but I can't manage
to go to exec mode, even while my user is configured with privilege 15.

   %SYS-5-PRIV_AUTH_FAIL: Authentication to privilege level 15 failed by test on console

Thanks a lot in advance for your help,

Kind regards,

Pieter

Everyone's tags (3)
1467
Views
0
Helpful
0
Replies
CreatePlease login to create content