Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

TACACS+ Configuration...

Below is a sample of my current config. I have no problems logging on via a TACACS username and password. In fact, that is what I want to do for remote administration. My problem is that I want to be able to have the console password prompt (prompt for an enable password) when their is no connectivity to the TACACS server or when I am directly connectly via console cable. The problem that happens when I try to logon via the console cable is that the 3500XL Switch will prompt me for my TACACS info and not the enable password. Any help would do! Thanks!

Brandon

aaa new-model

tacacs host 192.168.1.25

aaa authentication login default group tacacs+ line

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated none

aaa authorization network default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default wait-start group tacacs+

aaa accounting commands 15 default wait-start group tacacs+

1 REPLY
New Member

Re: TACACS+ Configuration...

if you always want to use the enable password on the console you need another authentication list, such as:

aaa authentication login con_login enable

and attach it to the console

line con 0

login authentication con_login

if you want to use the enable password when the TAC+ server is down just replace "line" with "enable" :

aaa authentication login default group tacacs+ enable

All the Best,

Martin

171
Views
0
Helpful
1
Replies
CreatePlease to create content