Cisco Support Community
Community Member

Console Access Authentication Question?

I've enabled TACACS+ authentication for telnetting into PIX and managing it by entering:

aaa-server MYTACACS protocol tacacs+

aaa-server MYTACACS (inside) host 10.1.1.1 secretkey timeout 15

aaa authentication telnet console MYTACACS

aaa authentication enable console MYTACACS

How can I ensure that I can still telnet into PIX and manage it by using local credentials if (and only if) the TACACS+ server is down?

Thanx,

1 REPLY
Community Member

Re: Console Access Authentication Question?

If an aaa authentication http console group_tag command statement is not defined, you can gain access to the PIX Firewall (via PDM) with no username and the PIX Firewall enable password (set with the password command). If the aaa command is defined but the HTTP authentication request times out, which implies the AAA servers may be down or not available, you can gain access to the PIX Firewall using the username pix and the enable password. By default, the enable password is not set.
