Solved: Re: Switch SSH access when AAA server down - Cisco Community

567

Views

1

Helpful

4

Replies

I'm able to manage the configuration of numerous switches in different buildings in our local area and have remote SSH access to them with the AAA server in another state across a WAN link for credential verification.

When, for various reasons, the AAA server or WAN link goes down, I am no longer able to access my local switches.

Is there a way to still gain management access using the switch local user database when this happens without having to travel to the switch and access via the console?

2 Accepted Solutions

Accepted Solutions

Yes, this is possible. Usually the first line for TACACS config looks like this

aaa authentication login default group tacacs local"

Where the local, means, local access.

View solution in original post

username xxxx password xxxx << this mandatory
enable password xxxx << this mandatory

aaa authentication login default group tacacs local

View solution in original post

4 Replies 4

Yes, this is possible. Usually the first line for TACACS config looks like this

aaa authentication login default group tacacs local"

Where the local, means, local access.

username xxxx password xxxx << this mandatory
enable password xxxx << this mandatory

aaa authentication login default group tacacs local

Disconnect server and give try' and share result

Thanks

MHM

I already had "username xxxx password xxxx" defined, this would be used for access when AAA server is down.

I agree, "enable password xxxx" should also be mandatory when AAA server is down if "aaa authentication enable default group tacacs+ enable" is also in use (which, for me, is in use).

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community