aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
was the lines that I had to enter but I missed the second line.Router asks me an user name and password but it does not accept my user name and password (console telnet and enable passswords also locally defined and being tried not working)
Did you configure a tacacs server? If not, it should roll over to the line password on the vty. Although, you should have went under your vty line and added "login authentication default" for it to check your AAA lines. (It may just have a password on the line.)
If you configured your tacacs server and the server is responding, it won't rollover to the next authentication method. You'll need to configure your login information on the tacacs server. I don't use tacacs, but if it's anything like radius, you'll have to tell the tacacs server the client address (the router address), and you'll need your username and password listed in tacacs, or have tacacs authenticate to something else: ldap, AD, etc.
I would just reload and start from scratch; it may be the easiest thing to do.
test by opening a new telnet session to the same device
I would use a named AAA method :
default method is applied automatically to line vty
aaa authentication login AAAlogin group tacacs+ line
so then you can add only to line vty
line vty 0 4
login authentication AAAlogin
in this way you don't lose the console
you need to break ip connectivity with the tacacs server if possible without losing ip connectivity to the device I was able to recover in some cases using this method (a /32 static route to null0 for the ip addres of the router on the next device to tacacs server to block return traffic from tacacs)
you can contact the tacacs+ server administrator and apply for a valid account (username and password) that you need to test the solution after all
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...