Cisco Support Community
aaa authentication picking method list question

Hi Everyone,

Switch has aaa config below

3550SMIB#sh run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable local ---1

aaa authentication login TAC1 group radius group tacacs+ local enable--2

aaa session-id common

Line vty 0 15 has no login authentication commands

If I telnet to the switch, it asks for the enable password only.

Is this picking up enable password from line 1 or 2?

As per me, it should ask for the local pw; as per line, it should go for the more precise method of TAC1 and ask for the local username and pw. Correct me if I am wrong.

Regards

Mahesh

  • LAN Switching and Routing
2 ACCEPTED SOLUTIONS

Re: aaa authentication picking method list question

Hi Mahesh,

Line vty 0 15 has no login authentication commands

In this case, the default authentication list (1) is used. The method order of your default auth list is (1) TACACS; (2) enable password; (3) local user database. The order of auth list "TAC1" is different.

If you want to change the auth list on your vtys, you can configure:

(config-line)#login authentication TAC1

Does that answer your question?

Best regards

Rolf

Re:aaa authentication picking method list question

Look at the order of enable and local (behind TACACS which is first for both lists)


Sent from Cisco Technical Support Android App
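
The list selection described in the answers above, as an added example that is not part of the original thread: a small Python audit that reads a running-config and reports which login method list each line uses and the order in which its methods are tried. The sample config is constructed from the two method lists in the question; the line blocks and the function names are assumptions.

```python
import re

# Constructed sample: the two method lists from the question, plus line
# blocks (assumed) where only "line vty 5 15" names a list explicitly.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ enable local
aaa authentication login TAC1 group radius group tacacs+ local enable
line con 0
line vty 0 4
line vty 5 15
 login authentication TAC1
"""

def parse_method_lists(config):
    """Map each login method-list name to its ordered methods."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"aaa authentication login (\S+) (.+)", line.strip())
        if m:
            # Fold "group <name>" into one token so each entry is one method.
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
    return lists

def effective_login_methods(config):
    """Return {line: (list_name, methods)} for every line block."""
    lists = parse_method_lists(config)
    result, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            # No "login authentication" under a line: the default list applies.
            result[current] = ("default", lists.get("default", []))
        elif current and raw.startswith(" "):
            m = re.match(r"login authentication (\S+)", raw.strip())
            if m:
                result[current] = (m.group(1), lists.get(m.group(1), []))
        else:
            current = None
    return result

if __name__ == "__main__":
    # Methods are tried left to right; IOS moves to the next one only when
    # the current method returns an error (e.g. server unreachable).
    for line, (name, methods) in effective_login_methods(SAMPLE_CONFIG).items():
        print(f"{line:<13} list={name:<8} order: {' -> '.join(methods)}")
```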

4 REPLIES

aaa authentication picking method list question

Hi Rolf,

When you say the order of auth list "TAC1" is different can you please explain what you mean by this?

Regards

Mahesh

aaa authentication picking method list question

Got it.

Regards

Mahesh