08-03-2010 02:57 AM - edited 03-10-2019 05:18 PM
We have implemented AAA on all our internal switches, and all is working well.. primary login is sent to ACS server, and if unavailable local credentials are used. The one exception is out 6509 VSS switch. If you SSH the switch all is correct, however if you console into the switch it does not use the ACS server, only the local credentials.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
08-06-2010 10:08 AM
Can you post the line con 0 configuration?
08-06-2010 11:53 AM
There is nothing under it..
08-06-2010 12:22 PM
If there is nothing under it then the default authentication method should apply.
Please enable:
debug aaa authen
debug tacacs
then paste the output of trying to log in on the console.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide