AAA Authentication on Console and VTY

Ng Tian Sheng
Level 1

Hi Experts,

My customer has enabled AAA authentication on all their switches. What they want to achieve is that whenever an IT administrator remotely accesses (Telnet/SSH) these switches, they will need to use TACACS+ credentials to access the switch (username/password and enable password).

But as for console access, they want to use local credentials for both username/password and enable password. I have tried login access, and local credentials are applicable, but when the switch prompts me for the enable password, the local enable password is not successful. I have tried the TACACS+ enable password; also not successful.

May I know whether I can achieve the following:

- Enable AAA Authentication --> VTY use AAA, console use local credentials

********************************************
Below is part of the AAA configuration
********************************************
aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication login NOTACACS local
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec NOTACACS2 local if-authenticated
aaa authorization commands 4 default group tacacs+ if-authenticated
aaa authorization commands 4 NOTACACS2 local if-authenticated
aaa authorization commands 5 default group tacacs+ if-authenticated
aaa authorization commands 5 NOTACACS2 local if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization commands 15 NOTACACS2 local if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 5 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
!
!
privilege configure level 5 vlan
privilege configure level 5 interface
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show configuration
privilege exec level 5 show running-config
!
!
line con 0
exec-timeout 0 0
authorization commands 4 NOTACACS2
authorization commands 5 NOTACACS2
authorization commands 15 NOTACACS2
authorization exec NOTACACS2
logging synchronous
login authentication NOTACACS
line vty 5 15
!

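As an added example (editor-supplied, not the original poster's configuration and not copied from any Cisco document), the following IOS fragment shows the pattern of separate named login and exec-authorization method lists bound to the console and VTY lines. The list name CONSOLE, the account name console-admin and the secret placeholders are assumptions. Two caveats a practitioner should keep in mind: `aaa authentication enable` in IOS has only a `default` list, which cannot be bound per line, and a method list falls through to its next method only when the previous method returns an error (for example the TACACS+ server is unreachable), not when it rejects the password. The example therefore keeps the console from ever reaching the enable prompt by giving the local account privilege 15 and authorizing the console exec locally.

```cisco
! Added example (editor-supplied, not the original poster's configuration).
! Assumptions: the tacacs+ server group is already defined and reachable;
! "console-admin", "CONSOLE" and the <...> secrets are placeholders.
aaa new-model
!
! Local account for console use. "privilege 15" lets local exec
! authorization start the console session at level 15, so the
! console never needs the enable prompt.
username console-admin privilege 15 secret <local-password-placeholder>
enable secret <enable-secret-placeholder>
!
! Login for VTY: the default list, TACACS+ first, local only when
! the server is unreachable (error), not when it rejects (fail).
aaa authentication login default group tacacs+ local
! Login for console: a named list that is local only.
aaa authentication login CONSOLE local
!
! Enable has only a "default" list in IOS and cannot be bound per line.
! The local "enable" secret is consulted only on a TACACS+ error.
aaa authentication enable default group tacacs+ enable
!
! Authorization must be switched on for the console explicitly.
aaa authorization console
! Exec authorization: TACACS+ for VTY, local for console. The local
! method applies the privilege level from the username command.
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec CONSOLE local
!
line con 0
 login authentication CONSOLE
 authorization exec CONSOLE
 logging synchronous
!
line vty 0 15
 login authentication default
 authorization exec default
 transport input ssh
```

Usage note: after applying a change like this, test from a second open session (console and SSH) before closing the one you configured from, and confirm with `show users` and `show privilege` that the console session lands at privilege 15 and the SSH session is authenticated by TACACS+ as intended.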