https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042916#M1067556 <P>The current configurations is like&nbsp; this :</P><P>&nbsp;</P><P>aaa authentications ssh console My_tacacs+ LOCAL</P><P>aaa authentication http console&nbsp; My_tacacs+ LOCAL</P><P><FONT color="#993366">aaa authentication enable console&nbsp;My_tacacs+ LOCAL</FONT></P><P>&nbsp;</P><P>Also I my doing accounting and authorization via tacacs+.</P><P>&nbsp;</P><P>&nbsp;</P><P>If I add&nbsp;</P><P><FONT color="#993366"><SPAN>aaa authentication serial console&nbsp;LOCAL</SPAN></FONT></P><P><SPAN>I will be able to login into the serial cable using local credentials BUT I won't be able to enter the enable password since it will be sent to TACACS+ server and it will fail.</SPAN></P><P>&nbsp;</P><P><SPAN>Could you please let me know if I can bypass sending enable passwords&nbsp; ? for serial login alone so that both&nbsp;</SPAN><SPAN>the login and exec login password are validated since only the local database credentials.</SPAN></P> Mon, 09 Mar 2020 16:36:30 GMT Alfredcfc 2020-03-09T16:36:30Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042821#M1067550 <P>Currently I am not using aaa authentication to login into serial console cable, would this mean when I login into to&nbsp;ASA via a serial cable I will bypass the AAA servers and use the local database ?.</P><P>&nbsp;</P><P>Or do I have specify aaa authentication serial console LOCAL ?.</P><P>&nbsp;</P><P>But then this would force the enable password to be sent to my TACACS+ server. since I have use&nbsp;</P><P><STRONG>aaa authenticaion enable.</STRONG></P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 09 Mar 2020 14:38:08 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042821#M1067550 Alfredcfc 2020-03-09T14:38:08Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042833#M1067551 <P>yes you need to add enable and authentication for serial to be local example :</P> <P>&nbsp;</P> <P>aaa authentication enable console LOCAL</P> <P>aaa authentication serial console LOCAL</P> <P>&nbsp;</P> <P>note : make sure you test with Local username and password before you write the config. or you should have alterbative method to login to box to remidate the issue.</P> Mon, 09 Mar 2020 14:51:49 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042833#M1067551 balaji.bandi 2020-03-09T14:51:49Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042916#M1067556 <P>The current configurations is like&nbsp; this :</P><P>&nbsp;</P><P>aaa authentications ssh console My_tacacs+ LOCAL</P><P>aaa authentication http console&nbsp; My_tacacs+ LOCAL</P><P><FONT color="#993366">aaa authentication enable console&nbsp;My_tacacs+ LOCAL</FONT></P><P>&nbsp;</P><P>Also I my doing accounting and authorization via tacacs+.</P><P>&nbsp;</P><P>&nbsp;</P><P>If I add&nbsp;</P><P><FONT color="#993366"><SPAN>aaa authentication serial console&nbsp;LOCAL</SPAN></FONT></P><P><SPAN>I will be able to login into the serial cable using local credentials BUT I won't be able to enter the enable password since it will be sent to TACACS+ server and it will fail.</SPAN></P><P>&nbsp;</P><P><SPAN>Could you please let me know if I can bypass sending enable passwords&nbsp; ? for serial login alone so that both&nbsp;</SPAN><SPAN>the login and exec login password are validated since only the local database credentials.</SPAN></P> Mon, 09 Mar 2020 16:36:30 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042916#M1067556 Alfredcfc 2020-03-09T16:36:30Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042953#M1067560 <P>your answer is <A href="https://community.cisco.com/t5/network-management/how-to-bypass-tacacs-on-console-connection/td-p/1125323" target="_self">here</A> in this post.</P> Mon, 09 Mar 2020 17:33:39 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4042953#M1067560 Sheraz.Salim 2020-03-09T17:33:39Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4046402#M1067806 <P>HI Sheraz,</P><P>&nbsp;</P><P>&nbsp;I read through the answer you have posted but that answer is for a router so can please let me know if you can help me in this problem for an ASA firewall.</P> Mon, 16 Mar 2020 07:58:58 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4046402#M1067806 Alfredcfc 2020-03-16T07:58:58Z https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4046493#M1067810 <P>Hi,</P><P>&nbsp;</P><P>&nbsp; &nbsp;Can you try the following:</P><P>&nbsp; &nbsp; &nbsp; &nbsp; - have a username locally configured with privilege level 15</P><P>&nbsp; &nbsp; &nbsp; &nbsp; - configure "aaa authentication enable console My_tacacs+ LOCAL and "aaa authorization exec LOCAL auto-enable"</P><P>&nbsp;</P><P>See if you can authenticate on the console as requested, afterwards also test the remote SSH/telnet functionality.</P><P>&nbsp;</P><P>Regards,</P><P>Cristian Matei.</P> Mon, 16 Mar 2020 11:31:37 GMT https://community.cisco.com/t5/network-security/aaa-authentication-for-serial-console/m-p/4046493#M1067810 Cristian Matei 2020-03-16T11:31:37Z