Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
799
Views
5
Helpful
1
Replies

aaa commands

mirehteshamali
Level 1
Level 1

‎02-13-2011 11:49 AM - edited ‎03-10-2019 05:49 PM

Hi group ,

help me with the following aaa commands

1)aaa authentication login default group tacacs+ none

does it means if my tacacs server fails , the user will be authorized immediately (no authorization done ) as the next method list is "none"

2) aaa authentication enable default group tacacs+ enable

does this means if tacacs server is unavailable or fails to respond locally stored enable password will be used

3) if i issue this command " username admin  password cisco " what will be the privilege assigned to it .(by default)

4) aaa authorization exec default group tacacs+ if-authenticated
    a) plz explain what this do in general

    b) what happens if authentication is successful with tacacs server and i have implemented command authorization to authorize all commands entered . now imagine server goes down. will authorization be allowed or user will be locked ?

i hope i m clear in asking

thanks

Labels:
0 Helpful
1 Reply 1

Javier Henderson
Level 4
Level 4

‎02-13-2011 01:16 PM

1) If the TACACS+ server is unavailable authentication will succeed

2) The enable password stored in the router will be used if the TACACS+ server is not available

3) The user will be given privilege level 1

4) It will do exec authorization using TACACS+ and if the authentication server is not available then the authorization will succeed if the user has successfully authenticated. This does not involve command authorization, only exec.

Exec authorization means the user will be granted the privilege level handed by either the TACACS+ server or the local username/password database.

Customers Also Viewed These Support Documents