Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Why this behavor with "login tacacs"?

On my 3750 switch, I create:

#username local secret cisco

#line console 0

password ciscoline

login tacacs

Then I telnet into the switch (via a terminal server).

I get prompt:

Username:

I type "local".

I do not even have a chance to type the password, and then I get:

Username:local

Password:

% Login invalid

Anyone has seen this before?

My intention is that if there is no tacacs system configured, then I would automatically authenticate using the 'local' user and password 'cisco'.

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Bronze

Re: Why this behavor with "login tacacs"?

If that's your intention, you should use aaa new-model instead.

For instance:

aaa new-model

aaa authentication login default group tacacs+ local

The 'login tacacs' procedure you have, does not have the failover mechanism provided on aaa new-model.

HTH,

__

Edison.

1 REPLY
Hall of Fame Super Bronze

Re: Why this behavor with "login tacacs"?

If that's your intention, you should use aaa new-model instead.

For instance:

aaa new-model

aaa authentication login default group tacacs+ local

The 'login tacacs' procedure you have, does not have the failover mechanism provided on aaa new-model.

HTH,

__

Edison.

115
Views
0
Helpful
1
Replies