Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1742
Views
0
Helpful
1
Replies

Tacacs and CATOS

ijohnstone
Level 1
Level 1

‎06-02-2003 03:36 AM - edited ‎03-10-2019 07:19 AM

I am finding when the TACACS server is unavailable that when telnetting to the Catalyst (CATOS) switch I am being prompted for the username even after it tells you that the server is unavailable.

The TACACS configuration is;

set authentication login tacacs enable telnet primary

set authentication enable tacacs enable telnet primary

!

set authorisation exec enable tacacs+ if-authenticated telnet

set authorisation enable enable tacacs+ if-authenticated telnet

set authorisation commands enable all if-authenticated telnet

Also can you telnet directly into the enable mode if you are authenticated to do so based on your username/password.

Labels:
0 Helpful
1 Reply 1

mhoda
Level 5
Level 5

‎06-02-2003 09:27 AM

Hi,

Do you have authentication login tacacs on to lets say line/enable password as secondary? It should only ask you for the password not the uname/password when ACS server is down. What version of code are you running?

Regarding your second q. yes it is possible to go to enable mode directly, but for that you need to have "shell/exec" checked and priv-lvl set to 15.

I hope this helps. Thanks,

Mynul

0 Helpful
Customers Also Viewed These Support Documents