https://community.cisco.com/t5/network-access-control/aaa-authentication-configuration/m-p/1300533#M343604 <HTML><HEAD></HEAD><BODY><P>Subodh </P><P></P><P>1) since there is no authentication list specified on the vty ports then they will use the default authentication. With aaa new-model the default for vty is local authentication. So the router should prompt for ID and password - and if you give the ID and password as configured then you should successfully access the vty.</P><P>2) since there is an authentication list specified for the console then the router will use the methods in the list when you access the console port. If the TACACS server is available then the router will authenticate using the server. If the server is not available then the router will authenticate with the local user ID and password. The router will not authenticate using the console password.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 27 Jul 2009 00:19:49 GMT Richard Burts 2009-07-27T00:19:49Z https://community.cisco.com/t5/network-access-control/aaa-authentication-configuration/m-p/1300532#M343582 <P>Hi,</P><P>If following configuration is done what will be effect?</P><P></P><P>aaa new-model</P><P>username operation priv 7 password cisco</P><P>enable secret cisco@1234</P><P>aaa authentication login TEST group tacacs+ local.</P><P>( tacacs+ server is down so local user database will be used)</P><P>line console 0</P><P>password Admin@login</P><P>aaa authentication TEST</P><P>line vty 0 4</P><P>password operatio@login.</P><P></P><P>case:</P><P>1: vty access : as there is no list or default configured telnet access will be denied. Or it will still ask aaa authentication username / password. Am I correct ?</P><P></P><P>case 2 : If connected to console port, first console password will be asked or directly username / password will be asked.</P><P></P><P>Please share the experience.</P><P>Thanks in advance. sorry cant try it on production devices. <span class="lia-unicode-emoji" title=":disappointed_face:">😞</span></P><P>Subodh </P> Sun, 10 Mar 2019 23:36:20 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-configuration/m-p/1300532#M343582 bapatsubodh 2019-03-10T23:36:20Z https://community.cisco.com/t5/network-access-control/aaa-authentication-configuration/m-p/1300533#M343604 <HTML><HEAD></HEAD><BODY><P>Subodh </P><P></P><P>1) since there is no authentication list specified on the vty ports then they will use the default authentication. With aaa new-model the default for vty is local authentication. So the router should prompt for ID and password - and if you give the ID and password as configured then you should successfully access the vty.</P><P>2) since there is an authentication list specified for the console then the router will use the methods in the list when you access the console port. If the TACACS server is available then the router will authenticate using the server. If the server is not available then the router will authenticate with the local user ID and password. The router will not authenticate using the console password.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Mon, 27 Jul 2009 00:19:49 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-configuration/m-p/1300533#M343604 Richard Burts 2009-07-27T00:19:49Z