03-11-2003 12:01 AM - edited 03-10-2019 07:11 AM
Hi,
We are using TACACS during normal operation, but we want to be able to have two console passwords for troubleshooting if connectivity is lost.
In many cases we are not onsite when an error occurs, and in such a situation we want to give temporary access to another person (e.g. the customer's technician or any other technician of our enterprise who drives to the customer). This specific password will be changed afterwards, but we do not want to give this person our own console password, which is the same on all boxes; otherwise we would need to change our password every week on every box.
Is there any solution for having two different passwords with completely full authorization (full rights) without connectivity to a tacacs-server?
Regards,
Chris
03-11-2003 03:33 AM
If you are using aaa new-model for authenticating users on the Cisco box, you can define a user with level 15 access with the user command:
username test-user privilege 15 password ...
Then you can modify the aaa authentication command to check first the tacacs server, then the local username database in case the tacacs server is unreachable:
aaa authentication login default group tacacs+ local
As long as the tacacs server is reachable the local password is not checked, so all logins are authenticated by the server.
03-11-2003 04:14 AM
This is also what I thought, but at the moment I have the problem that if I enter the following config commands I do not automatically enter privilege level 15 after the login. So the user still needs an enable password to get privilege 15.
aaa authentication login console local
aaa authorization exec console local
username test privilege 15 password test
line con 0
 authorization exec console
 login authentication console
The user test still gets only the privilege-level 1 and not 15. So the user test still needs my enable secret password for level 15-commands which is not what I wanted.
Regards
Chris
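
Added example, not part of any post in this thread and not Cisco code: a Python audit of a saved running-config that resolves which login method list each line uses, whether `local` is available in it when the TACACS+ server is unreachable, and which local users are defined at privilege 15. The sample config is constructed from the commands quoted above; the `aux 0` line, the list name `remote` and all function names are assumptions made for illustration.

```python
import re

# Constructed sample in "show running-config" layout, combining the
# method lists and the local user quoted in the thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login console local
username test privilege 15 password test
line con 0
 login authentication console
line aux 0
 login authentication remote
line vty 0 4
"""

def parse(config):
    """Collect login method lists, level-15 local users and per-line list names."""
    lists, admins, lines, current = {}, [], {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if not raw.startswith(" "):      # a top-level command closes any line block
            current = None
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"username (\S+) privilege 15\b", text):
            admins.append(m.group(1))
        elif re.match(r"line (con|aux|vty)\b", text):
            current = text
            lines[current] = "default"   # list "default" applies unless overridden
        elif current and (m := re.match(r"login authentication (\S+)", text)):
            lines[current] = m.group(1)
    return lists, admins, lines

def audit(config):
    """Map each line to (list name, methods, True if 'local' is in the list)."""
    lists, admins, lines = parse(config)
    report = {}
    for line, name in lines.items():
        methods = lists.get(name)        # None: the line references an undefined list
        report[line] = (name, methods, bool(methods) and "local" in methods)
    return report, admins

if __name__ == "__main__":
    report, admins = audit(SAMPLE_CONFIG)
    for line, (name, methods, ok) in report.items():
        print(f"{line}: list={name} methods={methods} local_available={ok}")
    print("level-15 local users:", admins)
```

A line whose result is `False` has no local method to fall back on, or points at a method list that is not defined in the config.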