https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725486#M421073 <HTML><HEAD></HEAD><BODY><P>SAK Mohan,</P><P></P><P>Are you authenticating against local or line after tacacs? Local will authenticate to a local username/password. Line will authenticate to the password on the vty line.</P></BODY></HTML> Thu, 12 Apr 2007 14:22:51 GMT hegleran 2007-04-12T14:22:51Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725485#M421071 <P> have configured Cisco ACS 4.0 (TACACS) with Windows AD for all Cisco MDS switches and it is working fine. But local "admin" access to the Cisco MDS switches via telnet is not working. At the same time , if I create a user with "network-admin" role locally, that works but not the default admin user. </P><P></P><P>Could anyone help me in this regard.</P> Sun, 10 Mar 2019 22:05:28 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725485#M421071 SAK_Mohan 2019-03-10T22:05:28Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725486#M421073 <HTML><HEAD></HEAD><BODY><P>SAK Mohan,</P><P></P><P>Are you authenticating against local or line after tacacs? Local will authenticate to a local username/password. Line will authenticate to the password on the vty line.</P></BODY></HTML> Thu, 12 Apr 2007 14:22:51 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725486#M421073 hegleran 2007-04-12T14:22:51Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725487#M421075 <HTML><HEAD></HEAD><BODY><P>blank</P></BODY></HTML> Thu, 12 Apr 2007 14:31:01 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725487#M421075 SAK_Mohan 2007-04-12T14:31:01Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725488#M421076 <HTML><HEAD></HEAD><BODY><P>local. Below is the script I used to configure TACACS (Cisco ACS 4.0) on Cisco MDS switches. </P><P></P><P>----------------------------------------</P><P>config t</P><P>#---------------------------------------</P><P># Enable TACACS+</P><P>#---------------------------------------</P><P>tacacs+ enable</P><P>tacacs-server host nnn.nnn.nnn.nnn key 0 xxxxxx</P><P>tacacs-server host mmm.mmm.mmm.mmm key 0 xxxxx</P><P>#--------------------------------------</P><P># Specify TACACS+ Server groups</P><P>#---------------------------------------</P><P>aaa group server tacacs+ tacgrp</P><P>server nnn.nnn.nnn.nnn</P><P>server mmm.mmm.mmm.mmm</P><P>#---------------------------------------</P><P>aaa authentication login default group tacgrp</P><P>aaa authentication login console local</P><P>#---------------------------------------</P><P># Enable TACACS+ Accounting</P><P>#---------------------------------------</P><P>aaa accounting default group tacgrp local</P><P>#---------------------------------------</P><P>end</P><P>copy running-config startup-config</P><P>----------------------------------------</P><P></P><P>Thanks</P><P>MOhan</P><P></P></BODY></HTML> Thu, 12 Apr 2007 14:32:41 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725488#M421076 SAK_Mohan 2007-04-12T14:32:41Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725489#M421078 <HTML><HEAD></HEAD><BODY><P>Mohan,</P><P></P><P>Do you have a local username called admin created? Or are you trying to login as admin, and then using the vty password when there is no admin account created?</P></BODY></HTML> Thu, 12 Apr 2007 14:44:52 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725489#M421078 hegleran 2007-04-12T14:44:52Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725490#M421080 <HTML><HEAD></HEAD><BODY><P>Thanks.....</P><P></P><P>Yes....it is there which is the default/local "admin" user that comes with Cisco MDS switches. I am using the right password.</P><P></P><P>This we need as a backdoor to Switches in case TACACS fails for some reason.</P><P></P><P>Thanks</P><P>MOhan</P></BODY></HTML> Thu, 12 Apr 2007 14:49:02 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725490#M421080 SAK_Mohan 2007-04-12T14:49:02Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725491#M421081 <HTML><HEAD></HEAD><BODY><P>if you want it as a backdoor (for default login)</P><P>you need to add local at the end of your statement.</P><P>the following statement</P><P>aaa authentication login default group tacgrp </P><P>should be modified to </P><P>aaa authentication login default group tacgrp local</P><P></P><P>That will enable you to authenticate with a local account (assuming you have configured a local cli user) in the event of a AAA server outage.</P><P>--Colin</P></BODY></HTML> Thu, 12 Apr 2007 21:13:31 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725491#M421081 colin.mcnamara 2007-04-12T21:13:31Z https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725492#M421082 <HTML><HEAD></HEAD><BODY><P>THat is what I haebeen tying to configure....but unfortunately "local" option after "aaa authentication login default group tacgrp" is not available in Cisco MDS if i press Tab.</P><P></P><P>One more thing is..without the local option , I am able to login using locally created users with "netwok-admin" role but not the default "admin" user....... </P><P></P><P>--Mohan</P></BODY></HTML> Thu, 12 Apr 2007 22:17:21 GMT https://community.cisco.com/t5/network-access-control/aaa-and-cisco-mds-switches/m-p/725492#M421082 SAK_Mohan 2007-04-12T22:17:21Z