
no access to enable mode

pieter.cornelis
Level 1

Hi,

I have a little issue with the TACACS config I'm using on an 800 router

Cisco IOS Software, C880 Software (C880VOICE-UNIVERSALK9-M), Version 15.1(1)T3, RELEASE SOFTWARE (fc1)

This is my config:

enable secret 5 $1$MIIf$bu0Fy/LyqPkMWiq4oEtGk0
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group tacacs+ local-case
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa authorization configuration default group tacacs+
aaa accounting session-duration ntp-adjusted
aaa accounting nested
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
aaa accounting resource default start-stop group tacacs+
!
!
aaa session-id common
username test privilege 15 secret 5 $1$3vP2$mQf09highvScq33jd9ffA.
ip tacacs source-interface Loopback0
!
!
tacacs-server host 10.10.3.10 key DrePE9&9uCRE9a!afRek
tacacs-server directed-request
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input all

So, when TACACS is not reachable, the router must fall back to the local user database, being the user "test".

I configured a router without any connection, just console. I can log in with username test, but I can't manage to go to exec mode, even though my user is configured with privilege 15.

   %SYS-5-PRIV_AUTH_FAIL: Authentication to privilege level 15 failed by test on console

Thanks a lot in advance for your help,

Kind regards,

Pieter

2 Replies

EmnKadis
Level 1

If the aaa statement starts with this:

aaa authentication login default group tacacs+ local-case,

The default login server will be tacacs+.

If you want the default to be local, define it as default login local. It reads the configuration statement from left to right.

All the best to you!!

Did you configure an enable password?

MHM
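
The first reply's point that a method list is read left to right, shown as an added example (not code from the thread or from Cisco): a small Python parser that prints the order in which each authentication and authorization method list from the question's config is tried, and flags lists in which every method needs a reachable AAA server. The function names and the set of methods treated as server-independent are assumptions made for this illustration.

```python
import re

# Constructed sample: the AAA method-list lines copied from the question's config.
SAMPLE_CONFIG = """\
aaa authentication login default group tacacs+ local-case
aaa authentication enable default group tacacs+ enable
aaa authentication ppp default group tacacs+ local-case
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa authorization configuration default group tacacs+
"""

# Assumption for this example: methods that work without any AAA server.
OFFLINE_METHODS = {"local", "local-case", "enable", "line", "none",
                   "if-authenticated"}

LINE_RE = re.compile(
    r"^aaa (authentication|authorization) (\S+(?: \d+)?) (\S+) (.+)$")


def parse_method_lists(config):
    """Return {(kind, service, list_name): [methods, left to right]}."""
    lists = {}
    for line in config.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # e.g. "aaa new-model", "aaa authorization config-commands"
        kind, service, name, rest = m.groups()
        tokens, methods = rest.split(), []
        while tokens:
            tok = tokens.pop(0)
            # "group tacacs+" is a single method written as two words
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        lists[(kind, service, name)] = methods
    return lists


def lists_without_offline_fallback(lists):
    """Method lists in which every method depends on an AAA server."""
    return sorted(k for k, m in lists.items() if not OFFLINE_METHODS & set(m))


if __name__ == "__main__":
    parsed = parse_method_lists(SAMPLE_CONFIG)
    for (kind, service, name), methods in parsed.items():
        print(f"{kind:14} {service:13} {name:8} -> {' then '.join(methods)}")
    print("no offline fallback:", lists_without_offline_fallback(parsed))
```

IOS moves on to the next method in a list only when the previous method returns an error, such as an unreachable server, not when that method rejects the user.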