Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3452
Views
0
Helpful
4
Replies

aaa authentication picking method list question

Go to solution
mahesh18
Level 6
Level 6

‎08-22-2013 08:39 PM - edited ‎03-07-2019 03:04 PM

Hi Everyone,

Switch has aaa config below

3550SMIB#sh run | inc aaa

aaa new-model

aaa authentication login default group tacacs+ enable local ---1

aaa authentication login TAC1 group radius group tacacs+ local enable--2

aaa session-id common

Line vty 0 15 has no login authentication commands

If i telnet to switch it ask for enable password only.

Is this picking up enable password from line 1 or 2?

As per me it should ask for local pw as per line it it should go for more precise method of TAC1 and ask for local username and pw correct me  if i am wrong?

Regards

MAhesh

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-23-2013 02:08 AM

Hi Mahesh,

Line vty 0 15 has no login authentication commands

in this case, the default authentication list (1) is used. The method-order of your default auth list is (1) TACACS; (2) enable password; (3) local user-database, the order of auth list "TAC1" is different.

If you want to change the auth list on your vtys, you can configure:

(config-line)#login authentication TAC1

Does that answer your question?

Best regards

Rolf

View solution in original post

0 Helpful

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-23-2013 07:58 AM

Look at the order of enable and local (behind TACACS which is first for both lists)


Sent from Cisco Technical Support Android App

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-23-2013 02:08 AM

Hi Mahesh,

Line vty 0 15 has no login authentication commands

in this case, the default authentication list (1) is used. The method-order of your default auth list is (1) TACACS; (2) enable password; (3) local user-database, the order of auth list "TAC1" is different.

If you want to change the auth list on your vtys, you can configure:

(config-line)#login authentication TAC1

Does that answer your question?

Best regards

Rolf

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Rolf Fischer

‎08-23-2013 07:42 AM

Hi Rolf,

When you say the order of auth list "TAC1" is different can you please explain what you mean by this?

Regards

Mahesh

0 Helpful

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-23-2013 07:58 AM

Look at the order of enable and local (behind TACACS which is first for both lists)


Sent from Cisco Technical Support Android App

0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Rolf Fischer

‎08-23-2013 07:59 AM

Got it.

Regards

MAhesh

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card