https://community.cisco.com/t5/network-access-control/aaa-commands/m-p/1608269#M257496 <P>Hi group ,</P><P>help me with the following aaa commands</P><P></P><P>1)aaa authentication login default group tacacs+ none</P><P>does it means if my tacacs server fails , the user will be authorized immediately (no authorization done ) as the next method list is "none"</P><P></P><P>2) aaa authentication enable default group tacacs+ enable</P><P>does this means if tacacs server is unavailable or fails to respond locally stored enable password will be used</P><P></P><P>3) if i issue this command " username admin&nbsp; password cisco " what will be the privilege assigned to it .(by default)</P><P></P><P>4) aaa authorization exec default group tacacs+ if-authenticated<BR />&nbsp;&nbsp;&nbsp; a) plz explain what this do in general<BR /> <BR />&nbsp;&nbsp;&nbsp; b) what happens if authentication is successful with tacacs server and i have implemented command authorization to authorize all commands entered . now imagine server goes down. will authorization be allowed or user will be locked ?</P><P></P><P>i hope i m clear in asking</P><P></P><P>thanks</P> Mon, 11 Mar 2019 00:49:24 GMT mirehteshamali 2019-03-11T00:49:24Z https://community.cisco.com/t5/network-access-control/aaa-commands/m-p/1608269#M257496 <P>Hi group ,</P><P>help me with the following aaa commands</P><P></P><P>1)aaa authentication login default group tacacs+ none</P><P>does it means if my tacacs server fails , the user will be authorized immediately (no authorization done ) as the next method list is "none"</P><P></P><P>2) aaa authentication enable default group tacacs+ enable</P><P>does this means if tacacs server is unavailable or fails to respond locally stored enable password will be used</P><P></P><P>3) if i issue this command " username admin&nbsp; password cisco " what will be the privilege assigned to it .(by default)</P><P></P><P>4) aaa authorization exec default group tacacs+ if-authenticated<BR />&nbsp;&nbsp;&nbsp; a) plz explain what this do in general<BR /> <BR />&nbsp;&nbsp;&nbsp; b) what happens if authentication is successful with tacacs server and i have implemented command authorization to authorize all commands entered . now imagine server goes down. will authorization be allowed or user will be locked ?</P><P></P><P>i hope i m clear in asking</P><P></P><P>thanks</P> Mon, 11 Mar 2019 00:49:24 GMT https://community.cisco.com/t5/network-access-control/aaa-commands/m-p/1608269#M257496 mirehteshamali 2019-03-11T00:49:24Z https://community.cisco.com/t5/network-access-control/aaa-commands/m-p/1608270#M257515 <HTML><HEAD></HEAD><BODY><P>1) If the TACACS+ server is unavailable authentication will succeed</P><P></P><P>2) The enable password stored in the router will be used if the TACACS+ server is not available</P><P></P><P>3) The user will be given privilege level 1</P><P></P><P>4) It will do exec authorization using TACACS+ and if the authentication server is not available then the authorization will succeed if the user has successfully authenticated. This does not involve command authorization, only exec.</P><P></P><P>Exec authorization means the user will be granted the privilege level handed by either the TACACS+ server or the local username/password database.</P></BODY></HTML> Sun, 13 Feb 2011 21:16:08 GMT https://community.cisco.com/t5/network-access-control/aaa-commands/m-p/1608270#M257515 Javier Henderson 2011-02-13T21:16:08Z