10-22-2010 10:54 AM - edited 03-10-2019 05:31 PM
When I enter vty I can log in straight to priv level 15, authenticating to TACACS.
However, when I try through the console port, I get in via privilege level 1.
However, when I attempt to enable, I get asked for a password, and the enable password I have configured does not work.
aaa authentication attempts login 2
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ none
aaa accounting system default start-stop group tacacs+
!
line con 0
 password 7 11ddddD
 logging synchronous
line aux 0
line vty 0 4
 privilege level 15
 password 7 0605ddddddd41
 logging synchronous
 transport input telnet ssh
line vty 5 15
 privilege level 15
 password 7 06ddddd4F41
 logging synchronous
 transport input telnet ssh
!
10-22-2010 11:13 AM
Hmm, I just disabled the ACS server and can't log in via the console using local auth.
10-22-2010 11:38 AM
It is not working because you have "aaa authentication enable default group tacacs+ enable".
If you are locked out I would suggest password recovery and using aaa authentication and authorization commands carefully. Here is a guide to help you http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_aaa_overview_external_docbase_0900e4b1805adb64_4container_external_docbase_0900e4b1807af93e.html
I hope it helps.
PK
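The method-list order the answer points at, as an added example that is not part of the original thread: a short Python model run over the two `aaa authentication` lines from the question, showing which method decides a login or enable attempt when TACACS+ answers and when it does not. It assumes the simplified rule that IOS tries the next method only when the previous one errors (for example, the server does not respond); the function names and the `BACKING` patterns are this example's own, and the thread shows only part of the config.

```python
import re

# AAA lines copied from the question; the thread shows only part of the config.
CONFIG = """\
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
"""

# Global config line each fallback method relies on (assumed patterns).
BACKING = {
    "local": r"username \S+",
    "enable": r"enable (secret|password) ",
}

def method_lists(config):
    """Map (service, list name) -> ordered methods from 'aaa authentication' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication (login|enable) (\S+) (.+)", line)
        if m:
            # 'group tacacs+' is one method written as two tokens
            lists[(m.group(1), m.group(2))] = re.findall(r"group \S+|\S+", m.group(3))
    return lists

def deciding_method(methods, erroring=()):
    """First method that answers. The next method is tried only when a method
    errors (e.g. no response from the server); a reject is final."""
    return next((m for m in methods if m not in erroring), None)

def unbacked_fallbacks(config):
    """Fallback methods with no matching credential line in the supplied config."""
    missing = set()
    for methods in method_lists(config).values():
        for m in methods:
            pat = BACKING.get(m)
            if pat and not re.search(r"(?m)^\s*" + pat, config):
                missing.add(m)
    return sorted(missing)

if __name__ == "__main__":
    for (service, name), methods in method_lists(CONFIG).items():
        up = deciding_method(methods)
        down = deciding_method(methods, erroring={"group tacacs+"})
        print(f"{service}/{name}: TACACS+ answering -> {up}; not answering -> {down}")
    print("no credential line found for:", unbacked_fallbacks(CONFIG))
```

Running it against a full `show running-config` rather than the excerpt tells you whether the `local` and `enable` fallbacks have a `username` or `enable secret` line behind them before you take the AAA server offline.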