
Local login if TACACS server down

aruzsi
Level 1

Hi,

My config is:

...

username user1 privilege 15 password 7 pwd

...

aaa authentication login vtymethod group tacacs+ local enable

...

password 7 pwd_vty

login authentication vtymethod

When the TACACS server disappeared from the network (because of a missing route to it), I wasn't able to log in by telnet, so I was locked out.

What is the right config for this situation?

I thought that if the TACACS server is down, the next possibility would be the local user DB, and the last resort would be the enable password.

Thanks,

Ruzsi


Richard Burts
Hall of Fame

The amount of config that you posted is not enough to see clearly what the problem is. Please post the complete config of aaa, the complete config of line con 0, and the complete config of the vty lines.

It looks to me like you are on the right track and it should have worked. I have configured many routers similar to this and they have worked properly (local authentication if the tacacs server was not available).

Post the configs and perhaps we can figure out why it did not work.

It might also be helpful to configure logging buffered, turn on debug aaa authentication, disable the tacacs server, attempt to telnet to the router, enable the tacacs server, telnet to the router, copy and post the debug output which will be in the logging buffer.

HTH

Rick
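An added example, not part of the thread and not Cisco's code: a small Python check that reads a pasted IOS config and reports, for each line that names a login method list, whether the list is defined and whether each fallback method it relies on has something configured behind it. The function name, the `line vty 0 4` header and the requirement that the pasted text keeps IOS indentation are assumptions.

```python
import re

# Constructed sample: the fragments quoted in the question, plus an assumed
# "line vty 0 4" header (the post elides which line the last two commands sit under).
SAMPLE = """\
username user1 privilege 15 password 7 pwd
aaa authentication login vtymethod group tacacs+ local enable
line vty 0 4
 password 7 pwd_vty
 login authentication vtymethod
"""

def audit_login_fallback(config):
    """Return findings about the login method lists that lines reference."""
    lists, refs, line = {}, {}, None
    has_user = has_enable = False
    for raw in config.splitlines():
        text = raw.strip()
        if raw and not raw[0].isspace():
            line = text[5:] if text.startswith("line ") else None
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            # Keep "group tacacs+" together as one method entry.
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
        elif text.startswith("username "):
            has_user = True
        elif re.match(r"enable (secret|password) ", text):
            has_enable = True
        elif line and text.startswith("login authentication "):
            refs[line] = text.split()[2]
    findings = []
    for line, name in refs.items():
        methods = lists.get(name)
        if methods is None:
            findings.append(f"line {line}: method list '{name}' is not defined")
            continue
        # IOS moves to the next method only when the previous one returns an
        # error (server unreachable), so a group method must not be last.
        if methods[-1].startswith("group "):
            findings.append(f"line {line}: '{name}' has no fallback after {methods[-1]}")
        if "local" in methods and not has_user:
            findings.append(f"line {line}: '{name}' uses local but no username is configured")
        if "enable" in methods and not has_enable:
            findings.append(f"line {line}: '{name}' uses enable but no enable secret/password is present")
    return findings

if __name__ == "__main__":
    print(audit_login_fallback(SAMPLE) or "no findings")
```

On the fragments from the question it reports only the missing enable secret/password, which may simply sit in the elided part of the config.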
