12-15-2024 04:23 AM
Hi Team,
I have AAA (TACACS+) configured between a switch and ISE, using the below configuration. I am trying to connect to the switch via console. What I'm getting is:
{
aaa authentication password-prompt Local-Password:
aaa authentication username-prompt Local-Username:
aaa authentication login default group ISE local
aaa authentication login console none
aaa authentication enable default group ISE enable
line con 0
login authentication console
}
Connecting via putty serial:
Switch>en
Username: local username (did not work)
Password: local password (did not work)
[enter]
Switch>en
Username: ISE local database username [e.g admin] (Works)
Password: ISE local database password of [e.g admin] user (works).
--------
Also, I have tried (local) instead of (none); it prompts this:
username-prompt Local-Username: neither (local) nor (ISE user) works!
password-prompt Local-Password:
The questions are:
Thanks,
12-15-2024 05:25 AM
Hi.
It is asking for user and password when you want to enter in enable mode. You didn't choose local database for that. You can set enable to read from local but a better workaround is:
username admin priv 15 secret cisco
aaa authentication login console local
line con 0
login authentication console
This way, you don't need to enter the enable password every time.
12-15-2024 07:37 PM
Hello,
If you want no authentication for both login and enable mode:
aaa authentication login console none
aaa authentication enable default none
line con 0
login authentication console
If you want to use locally defined accounts:
aaa authentication login console local
aaa authentication enable default local
line con 0
login authentication console
12-15-2024 09:52 PM
Hello,
The provided suggestions will not solve the issue. Removing enable authentication will not only take effect on console but SSH as well.
12-16-2024 04:26 AM
I think the behaviour you are seeing comes from the fact that you have the enable secret managed via ISE and if you don't want to change that for the VTY lines then I think you can try to apply the command "privilege level 15" under the console line, this will take you to privilege mode right after you authenticate on the console line.
12-16-2024 04:37 AM
Voila!, it worked. Thanks a lot Aref.
Regards,
12-16-2024 05:07 AM
You are very welcome, Bilal : )
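An added example, not code from any poster in this thread: a Python check that resolves, for each line, the login method list bound to it, the global enable list, and the line privilege level, and flags a line that reaches level 15 without any credential. The sample config is constructed from the commands quoted in the thread plus a constructed `line vty 0 4` stanza; the function names are hypothetical, and it assumes a line uses the `default` list and privilege level 1 unless configured otherwise.

```python
import re

# Constructed sample: the original poster's AAA commands with the accepted
# "privilege level 15" suggestion applied under the console line.
SAMPLE = """\
aaa authentication login default group ISE local
aaa authentication login console none
aaa authentication enable default group ISE enable
line con 0
 login authentication console
 privilege level 15
line vty 0 4
 transport input ssh
"""

def effective_access(config):
    """Return {line: {"login": [...], "enable": [...], "privilege": int}}."""
    login_lists, enable, lines, current = {}, [], {}, None
    for raw in config.splitlines():
        text = raw.strip()  # tolerate configs pasted without indentation
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            login_lists[m.group(1)] = m.group(2).split()
        elif m := re.match(r"aaa authentication enable default (.+)", text):
            enable = m.group(1).split()  # global: shared by console and VTY
        elif m := re.match(r"line (con|vty) (.+)", text):
            current = lines.setdefault(f"{m.group(1)} {m.group(2)}",
                                       {"list": "default", "privilege": 1})
        elif current is not None:  # sub-commands of the current line
            if m := re.match(r"login authentication (\S+)", text):
                current["list"] = m.group(1)
            elif m := re.match(r"privilege level (\d+)", text):
                current["privilege"] = int(m.group(1))
    # An undefined method list resolves to [] here (assumption of this example).
    return {name: {"login": login_lists.get(s["list"], []),
                   "enable": enable, "privilege": s["privilege"]}
            for name, s in lines.items()}

def findings(config):
    """Flag lines that land in privileged EXEC with no credential at all."""
    return [f"line {name}: no login authentication and privilege level 15"
            for name, a in effective_access(config).items()
            if a["login"][:1] == ["none"] and a["privilege"] == 15]

if __name__ == "__main__":
    for name, access in effective_access(SAMPLE).items():
        print(name, access)
    print(findings(SAMPLE))
```

The output shows that the enable list is identical for `con 0` and `vty 0 4`, while the login list and privilege level are set per line.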