07-26-2023 03:39 PM
I'm able to manage the configuration of numerous switches in different buildings in our local area and have remote SSH access to them with the AAA server in another state across a WAN link for credential verification.
When, for various reasons, the AAA server or WAN link goes down, I am no longer able to access my local switches.
Is there a way to still gain management access using the switch local user database when this happens without having to travel to the switch and access via the console?
Solved! Go to Solution.
07-26-2023 03:47 PM
Hi @LeoMccoy
Yes, this is possible. Usually the first line for TACACS config looks like this
aaa authentication login default group tacacs local"
Where the local, means, local access.
07-26-2023 04:10 PM - edited 07-27-2023 02:00 PM
username xxxx password xxxx << this mandatory
enable password xxxx << this mandatory
aaa authentication login default group tacacs local
07-26-2023 03:47 PM
Hi @LeoMccoy
Yes, this is possible. Usually the first line for TACACS config looks like this
aaa authentication login default group tacacs local"
Where the local, means, local access.
07-26-2023 04:10 PM - edited 07-27-2023 02:00 PM
username xxxx password xxxx << this mandatory
enable password xxxx << this mandatory
aaa authentication login default group tacacs local
07-27-2023 02:06 PM
Disconnect server and give try' and share result
Thanks
MHM
07-28-2023 11:56 AM
I already had "username xxxx password xxxx" defined, this would be used for access when AAA server is down.
I agree, "enable password xxxx" should also be mandatory when AAA server is down if "aaa authentication enable default group tacacs+ enable" is also in use (which, for me, is in use).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide