Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
612
Views
4
Helpful
2
Replies

AAA authentication problem

ms4561
Level 1
Level 1

‎12-12-2006 04:09 PM - edited ‎03-10-2019 02:52 PM

I've setup my AAA config as follows "aaa authentication login default group tacacs+ enable". When I test config with SSH (ACS turned off)to the router I cannot login using the enable password. The same does not work when trying to connect with Con0. How can I correct this problem. Forum help is much appreciated, thanks all.

Labels:
Preview file
8 KB
0 Helpful
2 Replies 2

m.sir
Level 7
Level 7

‎12-12-2006 11:19 PM

You have authorization only with tacacs+, can you try following command

aaa authorization exec default group tacacs+ none

M.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to m.sir

‎12-13-2006 10:03 AM

I agree that the configuration of aaa authentication login looks ok (I would probably use line as the alternative method instead of enable - but it should work with either) and that the issue is the configuration of authorization:

aaa authorization exec default group tacacs+

this provides no alternative method. And I suspect that if you look carefully at the error message when you attempt to login without TACACS the error is actually about authorization rather than about authentication. The suggestion of:

aaa authorization exec default group tacacs+ none

should be ok. I have used this way with success:

aaa authorization exec default group tacacs+ if-authenticated

HTH

Rick

HTH

Rick
Customers Also Viewed These Support Documents