https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949308#M208464 <P>I'm sure something is missing, but I've given it a stab and cant figure it out. Scenario: I am configuring a switch to be sent to a site. I have my cookie cutter config on it and its not connected to the network. When I login via ssh cable between laptop and switch - in it takes a really long time before I can get to privileged EXEC mode. I'm sure it is because the request to login can not communicate with the tacacs server. So I ask given the below config. What can I change to speed up the login for a device that can not communicate with tacacs?</P><P></P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ local</P><P>aaa authentication enable default group tacacs+ enable</P><P>aaa authorization config-commands</P><P>aaa authorization exec default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>aaa session-id common</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 01:57:57 GMT bret 2019-03-11T01:57:57Z https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949308#M208464 <P>I'm sure something is missing, but I've given it a stab and cant figure it out. Scenario: I am configuring a switch to be sent to a site. I have my cookie cutter config on it and its not connected to the network. When I login via ssh cable between laptop and switch - in it takes a really long time before I can get to privileged EXEC mode. I'm sure it is because the request to login can not communicate with the tacacs server. So I ask given the below config. What can I change to speed up the login for a device that can not communicate with tacacs?</P><P></P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ local</P><P>aaa authentication enable default group tacacs+ enable</P><P>aaa authorization config-commands</P><P>aaa authorization exec default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>aaa session-id common</P><P></P><P>Thanks!</P> Mon, 11 Mar 2019 01:57:57 GMT https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949308#M208464 bret 2019-03-11T01:57:57Z https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949309#M208465 <HTML><HEAD></HEAD><BODY><P>I suggest reducing "tacacs-server timeout" and "tacacs-server retransmits".</P><P></P><P>It takes a long time because the IOS will retry and wait before declaring tacacs server dead. Reducing those timers, will reduce wait time.</P><P></P><P>Nicolas</P></BODY></HTML> Mon, 02 Apr 2012 18:41:46 GMT https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949309#M208465 Nicolas Darchis 2012-04-02T18:41:46Z https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949310#M208466 <HTML><HEAD></HEAD><BODY><P> That didnt work Nicholas. I think the "tacacs-server retransmit" was depricated in 12.2 its not an option. I have tried the following and still nogo.</P><P></P><P>tacacs-server host x.x.x.x single-connection timeout 3</P><P>tacacs-server timeout 3</P><P></P><P>I timed it and it takes 10-30 seconds after I login before I get password prompt</P><P>when i put the password in it takes 10 seconds and puts me in user EXEC mode</P><P>I type enable and it takes 1 minute before I get a login prompt.</P><P></P><P>I thought since this was a new switch with time not configured that was the problem, so I configured it and still nogo. This is not a big deal it just bothers me not having an answer. Thanks for your help.</P></BODY></HTML> Mon, 02 Apr 2012 19:45:38 GMT https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949310#M208466 bret 2012-04-02T19:45:38Z https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949311#M208467 <HTML><HEAD></HEAD><BODY><P>You should try the "deadtime" command, by default = 0.</P><P></P><P></P><P>aaa group server tacacs ACS</P><P> server 10.10.10.10</P><P> deadtime 1</P><P></P><P>Please rate if it helps. Kind regards</P></BODY></HTML> Mon, 02 Apr 2012 21:02:57 GMT https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/1949311#M208467 Eduardo Aliaga 2012-04-02T21:02:57Z https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/3412687#M208468 <P>Since the device is not yet in the network, it's obvious that it wont reach tacacs servers specified(if specified, i don't see commands&nbsp;tacacs-server host x.x.x.x that specifies the servers) , the device will then hang till the it reaches tacacs timeout. i prefer leaving tacacs out until i confirm that i can reach tacacs servers when the device in the network.&nbsp;</P> Mon, 09 Jul 2018 14:29:49 GMT https://community.cisco.com/t5/network-access-control/aaa-has-slow-login-when-device-is-not-attached-to-network/m-p/3412687#M208468 naivel.molewa 2018-07-09T14:29:49Z