mikehsueh,

Arvin.hsu · ‎04-07-2017

Hi ,

I have couple of switch’s configured for tatacs authentications.

When i try to access using console, I am able to login using the local credentials but its not accepting the enable password.

I can’t remove this command “aaa authentication enable default group tacacs+” that is for other users using VTY line .

How do it bypass or disable so that console access doesn't prompt for enable password or take the enable password configured locally?

username admin privilege 15 password test123

aaa new-model

aaa authentication login default group tacacs+

aaa authentication login CONSOLE local

aaa authentication enable default group tacacs+ enable

line console 0

login authentication CONSOLE

thanks,

agapitca19 · ‎05-18-2017

mikehsueh,

I suggest that you try creating a separate method list for line vty and remove aaa authentication enable default group tacacs+ enable from your current aaa configuration.

For example:

no aaa authentication enable default group tacacs+ enable

aaa authentication login LINE-VTY group [method 1] [method2] [method 3]....

line vty 0 15

login authentication LINE-VTY

*** Please rate and mark the comment correct if you find it helpful ***

authentication for console access

Secure Access: Network Tunnel Groupの接続におけるFTDのECMP設定例

3.3 MAC Authentication Bypass for Wired and Wireless Access

Catalyst 9000 シリーズスイッチの [console-relay] Checking VTY access 出力

Secure Access: How to

Remote VPN access LDAP Server Group DC authentication issues