We have a lot of devices here configured to authenticate using TACACS. This all works fine. The documentation covering these devices could be improved, however. One thing I was thinking of putting in that documentation is the passwords that are configured when TACACS is not available.
Is there a way to test the local login credentials, without altering anything on the TACACS configuration?
I have used a similar approach to Horst's suggestion except with an upstream ACL blocking access to the TACACS server(s). The device should try and fail to authenticate via TACACS and then fall back to local authentication.
If I recall correctly, it takes about 30 seconds per configured TACACS server to mark it failed, so be patient.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...