Is it possible to configure switches to allow telnet when AAA servers are down? I can get into switches via console cable with both servers down since the switch will failover to the enable password. Is it possible to have telnet sessions failover as well? If for some reason both servers should go down I would like to still be able to telnet to devices using vty passwords.
I would like to offer a refinement of the suggestion from Colin which I think will fit your stated requirements a bit better. Colin suggested:
aaa authentication login myco_tacacs group tacacs+ local
and I would suggest:
aaa authentication login default group tacacs+ line
The suggestion from Colin specifies a named method of myco_tacacs and you would need to specify this under the vty lines
login authentication myco_tacacs
whereas if you make it the default then no additional configuration is required under the vty. And Colin's suggestion would require configuration of local IDs and passwords where you asked about using the line passwords.
Note that the suggestion from Goutam would force all authentication to use the local configured IDs and passwords and would not use your AAA servers at all.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :