Is it possible to have both TACACS+ and local login running on the Nexus platform, without the TACACS+ failing to reach the server and local login then accepted? We are managing devices for a client and they are using TACACS+ authentication, but we need to have a local login running as well so that we can connect with Cisco Works to pull configs etc. Cisco Works has a default username and password to connect in, thus the local account. We need to be able to have either method work at the same time.
In general it is not possible to use TACACS for authentication and at the same time also use local authentication. But there are ways to achieve this. You could configure the default authentication method to use TACACS (probably with local as a backup method) and also configure another named authentication method which uses only local authentication. You let most of the vty ports use the default authentication method and you configure a single vty port to use the alternate named authentication method. So when you connect to that one vty it will use local username but other vty will use TACACS.
So then the challenge is how to have Cisco Works use the different vty port? A technique that I have used is to configure most of the vty to use only SSH and to configure the one vty to use telnet. Then you configure Cisco Works to use telnet. I have used this and it worked (on regular IOS devices). I have not used this on Nexus but I assume that it would also work on the Nexus.
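The split described in the answer above, written out as a classic IOS configuration. This is an added example, not taken from the thread and not NX-OS syntax; the list name, account name, ACL name and the 192.0.2.10 address are assumptions, and the `access-class` restriction is an addition here because telnet carries the local password in cleartext.

```cisco
! Added example for classic IOS; names and addresses are assumptions.
! Assumes the TACACS+ server is already defined and reachable.
aaa new-model
!
! Default list: TACACS+ first, local only if the server does not respond.
aaa authentication login default group tacacs+ local
! Named list (hypothetical name): local user database only.
aaa authentication login LOCAL_ONLY local
!
! Local account for the management station (hypothetical name, placeholder secret).
username lms-poller secret <LOCAL_SECRET>
!
! Constructed ACL: 192.0.2.10 stands in for the CiscoWorks server.
ip access-list standard LMS_ONLY
 permit host 192.0.2.10
!
! vty 0-3: SSH only, default method list (TACACS+).
line vty 0 3
 transport input ssh
!
! vty 4: telnet only, local-only list. An incoming telnet session can only
! be placed on a line that accepts telnet, so it always lands here.
line vty 4
 login authentication LOCAL_ONLY
 transport input telnet
 access-class LMS_ONLY in
```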
A best practice approach would be to create a service account in the TACACS+ server identity store (local or AD or whatever). The management system then uses the service account to log into devices with TACACS authentication.
CiscoWorks LMS (or Prime LMS) can use multiple credential sets.