Tacacs and CATOS

ijohnstone — Sun, 10 Mar 2019 14:19:57 GMT

I am finding when the TACACS server is unavailable that when telnetting to the Catalyst (CATOS) switch I am being prompted for the username even after it tells you that the server is unavailable.

The TACACS configuration is;

set authentication login tacacs enable telnet primary

set authentication enable tacacs enable telnet primary

set authorisation exec enable tacacs+ if-authenticated telnet

set authorisation enable enable tacacs+ if-authenticated telnet

set authorisation commands enable all if-authenticated telnet

Also can you telnet directly into the enable mode if you are authenticated to do so based on your username/password.

Re: Tacacs and CATOS

mhoda — Mon, 02 Jun 2003 16:27:54 GMT

Hi,

Do you have authentication login tacacs on to lets say line/enable password as secondary? It should only ask you for the password not the uname/password when ACS server is down. What version of code are you running?

Regarding your second q. yes it is possible to go to enable mode directly, but for that you need to have "shell/exec" checked and priv-lvl set to 15.

I hope this helps. Thanks,

Mynul

topic Re: Tacacs and CATOS in Network Access Control

Tacacs and CATOS

Re: Tacacs and CATOS