https://community.cisco.com/t5/network-access-control/authentication-for-console-access/m-p/3083998#M23206 <P><SPAN class="fullname" itemprop="author"><A href="https://supportforums.cisco.com/users/mikehsueh-0" title="View user profile." class="username" lang="" about="/users/mikehsueh-0" typeof="sioc:UserAccount" property="foaf:name" datatype="">mikehsueh</A>,</SPAN><SPAN></SPAN></P> <P><SPAN class="fullname" itemprop="author"></SPAN></P> <P><SPAN class="fullname" itemprop="author">I suggest that you try creating a separate method list for line vty and remove&nbsp;<EM><STRONG><SPAN>aaa authentication enable default group tacacs+ enable</SPAN></STRONG></EM>&nbsp;from your current aaa configuration.</SPAN></P> <P></P> <P>For example:</P> <P></P> <P>no&nbsp;<SPAN>aaa authentication enable default group tacacs+ enable</SPAN></P> <P>aaa authentication login LINE-VTY group [method 1] [method2] [method 3]....</P> <P></P> <P>line vty 0 15</P> <P>&nbsp;login authentication LINE-VTY</P> <P></P> <P>*** Please rate and mark the comment correct if you find it helpful ***</P> Thu, 18 May 2017 18:15:09 GMT agapitca19 2017-05-18T18:15:09Z https://community.cisco.com/t5/network-access-control/authentication-for-console-access/m-p/3083997#M23205 <P>Hi ,</P> <P><SPAN>I have couple of switch’s configured for tatacs authentications.</SPAN></P> <P><SPAN>When i try to access using console, I am able to login using the local credentials but its not accepting the enable password.</SPAN></P> <P><SPAN>I can’t remove this command “aaa authentication enable default group tacacs+” that is for other users using VTY line .</SPAN></P> <P><SPAN>How do it bypass or disable so that console access doesn't prompt for enable password or take the enable password configured locally?</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>&nbsp;</SPAN></P> <P><SPAN>username admin privilege 15 password test123</SPAN></P> <P><SPAN>aaa new-model</SPAN></P> <P><SPAN>aaa authentication login default group tacacs+ </SPAN></P> <P><SPAN>aaa authentication login CONSOLE local</SPAN></P> <P><SPAN>aaa authentication enable default group tacacs+ enable</SPAN></P> <P><SPAN>line console 0</SPAN></P> <P><SPAN>&nbsp;login authentication CONSOLE</SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>thanks,</SPAN></P> Mon, 11 Mar 2019 07:37:00 GMT https://community.cisco.com/t5/network-access-control/authentication-for-console-access/m-p/3083997#M23205 Arvin.hsu 2019-03-11T07:37:00Z https://community.cisco.com/t5/network-access-control/authentication-for-console-access/m-p/3083998#M23206 <P><SPAN class="fullname" itemprop="author"><A href="https://supportforums.cisco.com/users/mikehsueh-0" title="View user profile." class="username" lang="" about="/users/mikehsueh-0" typeof="sioc:UserAccount" property="foaf:name" datatype="">mikehsueh</A>,</SPAN><SPAN></SPAN></P> <P><SPAN class="fullname" itemprop="author"></SPAN></P> <P><SPAN class="fullname" itemprop="author">I suggest that you try creating a separate method list for line vty and remove&nbsp;<EM><STRONG><SPAN>aaa authentication enable default group tacacs+ enable</SPAN></STRONG></EM>&nbsp;from your current aaa configuration.</SPAN></P> <P></P> <P>For example:</P> <P></P> <P>no&nbsp;<SPAN>aaa authentication enable default group tacacs+ enable</SPAN></P> <P>aaa authentication login LINE-VTY group [method 1] [method2] [method 3]....</P> <P></P> <P>line vty 0 15</P> <P>&nbsp;login authentication LINE-VTY</P> <P></P> <P>*** Please rate and mark the comment correct if you find it helpful ***</P> Thu, 18 May 2017 18:15:09 GMT https://community.cisco.com/t5/network-access-control/authentication-for-console-access/m-p/3083998#M23206 agapitca19 2017-05-18T18:15:09Z