Solved: Configure AAA TACACS+ on cisco router

Russel · ‎02-21-2022

I need to configure AAA and TACACS on the cisco router to allow login routers through TACACS. below are the commands I used to configure it.

aaa new model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
tacacs server host {{tacacs_host}}
tacacs server key {{tacacs_key}}

Configuration worked well and I was able to log in to the router using TACACS credentials. The problem is after applying this configuration I've lost privileges from the local account that I used for configurations. How can I avoid this? How can I keep the privileges of my local account when applying this configurations?

My AARP Medicare

RishuKumar11 · ‎02-21-2022

If the device has "AAA Authentication login default group tacacs+ local" in the configuration, it's first preference is TACACS.If the TACACS is reachable.

You can't access device through local privileges after applying aaa configuration until unless aaa server goes down. It is an expected default behavior.

View solution in original post

RishuKumar11 · ‎02-21-2022

If the device has "AAA Authentication login default group tacacs+ local" in the configuration, it's first preference is TACACS.If the TACACS is reachable.

You can't access device through local privileges after applying aaa configuration until unless aaa server goes down. It is an expected default behavior.

Nithin Eluvathingal · ‎02-21-2022

Moving this post under Security .