topic Re: AAA authentication command in Network Access Control https://community.cisco.com/t5/network-access-control/aaa-authentication-command/m-p/1283388#M343693 <HTML><HEAD></HEAD><BODY><P>Detailed explanation:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168" target="_blank">http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168</A></P><P></P><P>aaa authentication enable default group tacacs+ none, that will prevent from getting locked out the password used is wrong.</P><P></P><P>If the tacacs fails, meaning not being reachable then it should fallback to local even without the none keyword at the end.</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 23 Jul 2009 04:25:39 GMT Lucien Avramov 2009-07-23T04:25:39Z AAA authentication command https://community.cisco.com/t5/network-access-control/aaa-authentication-command/m-p/1283387#M343586 <P>hi,</P><P>If we have following aaa authentication command on router</P><P>aaa new-model</P><P>aaa authentication enable default group tacacs+</P><P></P><P>what will be the result?</P><P>What does key word default indicates? ( If it's list name we can apply this list to vty lines. Here only one parameter for enable authentication is configured and that is tacacs+ server, if tacacs+ server is down or not reachable what will happen? Please correct if I am wrong.)</P><P>Please share the experience.</P><P>Thanks in advance.</P><P>subodh</P> Sun, 10 Mar 2019 23:36:15 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-command/m-p/1283387#M343586 bapatsubodh 2019-03-10T23:36:15Z Re: AAA authentication command https://community.cisco.com/t5/network-access-control/aaa-authentication-command/m-p/1283388#M343693 <HTML><HEAD></HEAD><BODY><P>Detailed explanation:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168" target="_blank">http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_a1.html#wp1059168</A></P><P></P><P>aaa authentication enable default group tacacs+ none, that will prevent from getting locked out the password used is wrong.</P><P></P><P>If the tacacs fails, meaning not being reachable then it should fallback to local even without the none keyword at the end.</P><P></P><P></P><P></P><P></P></BODY></HTML> Thu, 23 Jul 2009 04:25:39 GMT https://community.cisco.com/t5/network-access-control/aaa-authentication-command/m-p/1283388#M343693 Lucien Avramov 2009-07-23T04:25:39Z