03-21-2013 10:43 AM - edited 03-10-2019 08:13 PM
I am trying to get AAA Authentication working on a Cisco 2960-24pc-l running 12.2(55)SE5 IOS and cannot get it to work. I have it currently working on a Cisco 3750-24te-m running 12.2(55)SE IOS. Here is my config:
!
enable secret 5 xxxxxxxxxxxx
!
username admin privilege 15 secret 5 xxxxxxxxxxxx
!
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
!
tacacs-server host 10.20.8.9 single-connection key xxxxxxxxxxxx
tacacs-server directed-request
!
!
line con 0
session-timeout 5
line vty 0 4
session-timeout 5
transport input telnet
line vty 5 15
session-timeout 5
!
When I login to the 3750, AAA is used. When I login to the 2960, the local username is used. Any thoughs here as to why it works on the 3850 and not the 2960?
03-21-2013 02:45 PM
Can you try adding "login authentication default" under both the console and the vty lines?
So you will have
line con 0
session-timeout 5
login authentication default
line vty 0 4
session-timeout 5
transport input telnet
login authentication default
line vty 5 15
session-timeout 5
login authentication default
Thank you for rating!
03-25-2013 07:42 AM
I added - login authentication default - to the lines as indicated above. When I do a sh run, the statement that I was added - login authentication default does not show.
line con 0
session-timeout 5
line vty 0 4
session-timeout 5
line vty 5 15
session-timeout 5
I still am able to login using the local account and not TACACS.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide