https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300987#M434250 <P>HI guys, i have Cisco ACS 3.0 running and i have confiiguration like below</P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated </P><P>aaa authorization commands 15 default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>aaa accounting system default start-stop group tacacs+</P><P>enable secret xxxxx</P><P></P><P>The problem i have is 2.</P><P>1) If i stop tacacs+ service, but normal it should switch to local router enable secret password mode, so i get password prompted when i telnet, but when i key in, it says authentication failed and immediately disconnect without even giving few more retries.</P><P></P><P>2) when i enable all debugging for AAA, none of them appears even when im connected to console and terminal monitoring is always enabled. the AAA authentication and authorization works, but im suprised why debug aaa not working.</P> Sun, 10 Mar 2019 14:50:49 GMT msara 2019-03-10T14:50:49Z https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300987#M434250 <P>HI guys, i have Cisco ACS 3.0 running and i have confiiguration like below</P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated </P><P>aaa authorization commands 15 default group tacacs+ if-authenticated </P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P>aaa accounting system default start-stop group tacacs+</P><P>enable secret xxxxx</P><P></P><P>The problem i have is 2.</P><P>1) If i stop tacacs+ service, but normal it should switch to local router enable secret password mode, so i get password prompted when i telnet, but when i key in, it says authentication failed and immediately disconnect without even giving few more retries.</P><P></P><P>2) when i enable all debugging for AAA, none of them appears even when im connected to console and terminal monitoring is always enabled. the AAA authentication and authorization works, but im suprised why debug aaa not working.</P> Sun, 10 Mar 2019 14:50:49 GMT https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300987#M434250 msara 2019-03-10T14:50:49Z https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300988#M434253 <HTML><HEAD></HEAD><BODY><P>This is what i use, i add enable at the end but the enable password that i set locally on the router does not work.</P><P></P><P>SunwayCCNA(config)#aaa authentication login default group tacacs+ ?</P><P> enable Use enable password for authentication.</P><P> group Use Server-group</P><P> line Use line password for authentication.</P><P> local Use local username authentication.</P><P> local-case Use case-sensitive local username authentication.</P><P> none NO authentication.</P><P> <CR></CR></P><P></P><P>SunwayCCNA(config)#aaa authentication login default group tacacs+</P></BODY></HTML> Mon, 31 May 2004 13:17:06 GMT https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300988#M434253 msara 2004-05-31T13:17:06Z https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300989#M434255 <HTML><HEAD></HEAD><BODY><P>I think that trying to use the enable secret as password for login to user mode is not good practice. I suggest that you instead use the configuration of aaa authentication login default group tacacs+ line. This will attempt to authenticate with the configured tacacs server and if there is not response from the server it will use the console password or vty password - depending on where you are attempting to login.</P><P></P><P>If you post the results of the command show tacacs it might help understand what is going on.</P><P></P><P>I am not sure why the debugging messages are not showing up, but the most common explanation is that the way the severity levels have been set up for logging may prevent the debugging messages from displaying. If you can post the first screen of output from the show log command it might help to determine how these are set.</P></BODY></HTML> Mon, 31 May 2004 16:42:52 GMT https://community.cisco.com/t5/network-access-control/aaa-backup-enable-mode-and-debugging-does-not-work/m-p/300989#M434255 Richard Burts 2004-05-31T16:42:52Z