2960 AAA Not Working - Cisco Community

560

Views

0

Helpful

2

Replies

I am trying to get AAA Authentication working on a Cisco 2960-24pc-l running 12.2(55)SE5 IOS and cannot get it to work. I have it currently working on a Cisco 3750-24te-m running 12.2(55)SE IOS. Here is my config:

!

enable secret 5 xxxxxxxxxxxx

!

username admin privilege 15 secret 5 xxxxxxxxxxxx

!

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization exec default group tacacs+ local

aaa accounting commands 15 default start-stop group tacacs+

!

aaa session-id common

!

tacacs-server host 10.20.8.9 single-connection key xxxxxxxxxxxx

tacacs-server directed-request

!

!

line con 0

session-timeout 5

line vty 0 4

session-timeout 5

transport input telnet

line vty 5 15

session-timeout 5

!

When I login to the 3750, AAA is used. When I login to the 2960, the local username is used. Any thoughs here as to why it works on the 3850 and not the 2960?

2 Replies 2

Can you try adding "login authentication default" under both the console and the vty lines?

So you will have

line con 0

session-timeout 5

login authentication default

line vty 0 4

session-timeout 5

transport input telnet

login authentication default

line vty 5 15

session-timeout 5

login authentication default

Thank you for rating!

I added - login authentication default - to the lines as indicated above. When I do a sh run, the statement that I was added - login authentication default does not show.

line con 0

session-timeout 5

line vty 0 4

session-timeout 5

line vty 5 15

session-timeout 5

I still am able to login using the local account and not TACACS.

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community