Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1555
Views
0
Helpful
1
Replies

AAA config to authenticate vty users on TACACS and console users locally.

ashraf.ali
Level 1
Level 1

‎12-11-2003 02:53 AM - edited ‎03-10-2019 07:35 AM

Can I have a aaa config to authenticate console user locally for enable authentication.

aaa authentication login conuser local

aaa authentication login vty tacacs+ local

aaa authentication enable default tacacs+ enable

aaa authorization commands 1 default tacacs+ none

aaa authorization commands 15 default tacacs+ none

The config above allows me to authenticate console user login locally but not for enable

authentication.

ROUTER(config)#aaa authentication enable ?

default The default authentication list.

Here I don't see an option of writing the method name i.e "WORD".

If I use, 'aaa authentication enable default tacacs+ enable' by default all enable authentication

is checked for TACACS+ first and then followed by local authentication.

If I use 'aaa authentication enable default enable' the vty session will also get authenticated

locally which I do not want.

Is there any workaround for this ?

regards

Ashraf

Labels:
0 Helpful
1 Reply 1

jleon22
Level 1
Level 1

‎12-17-2003 08:54 AM

I believe you can set up the console to authenticate locally by configuring the commands under "line con 0."

0 Helpful
Customers Also Viewed These Support Documents