08-05-2008 05:44 AM - edited 03-10-2019 04:00 PM
Hello,
I have this configuration, and the fall back to local doess't seems to work (using telnet or ssh):
username admin privilege 15 password ugawdfugagdfqfqfiqgfigqf
aaa new-model
aaa authentication login VTY-access group tacacs+ local
aaa accounting exec accounting start-stop group tacacs+
aaa accounting commands 1 accounting start-stop group tacacs+
aaa accounting commands 15 accounting start-stop group tacacs+
aaa accounting connection accounting start-stop group tacacs+
tacacs-server host 1.2.3.4
tacacs-server key khdhdfhahsfklhas
line vty 0 15
no password
 exec-timeout 15 0
privilege level 15
 accounting connection accounting
 accounting commands 1 accounting
 accounting commands 15 accounting
 accounting exec accounting
 login authentication VTY-access
line con 0
no password
exec-timeout 15 0
privilege level 15
accounting connection accounting
 accounting commands 1 accounting
 accounting commands 15 accounting
 accounting exec accounting
 login authentication VTY-access
Thank's for your help
Blaise
08-05-2008 06:36 AM
Is the TACACS servers reachable from this device ?
If yes, then it might not fall back to LOCAL.
If this is a test setup, then you may try disconnecting the Tacacs server from the network and then test.
08-05-2008 06:40 AM
I tried to stop the services on the ACS CE 4.2 it did not used fall back, and then a change the IP address of the tacacs server to a false IP, and still it doesn't fall back.
08-05-2008 06:44 AM
aaa new-model
tacacs-server host [tacacs ip address]
tacacs-server key [secret key]
aaa authentication login default group tacacs+ local
username [local user name] password [local user password]
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
remove all your exisiting entries and try just the above....
Make sure your device have reachbility to the tacaces server.
08-05-2008 08:12 AM
Blaise
You describe that the fallback does not work when using telnet and ssh. Does it work on the console?
You describe in general that fall back does not work. Can you give us a bit more specifics about how it is not working? When you attempt access are you getting a prompt for ID and password? If you enter ID and password are you sure that it is the correct password? If you enter an ID and password can you tell us exactly what error message you get?
If we know these things we may be closer to finding your problem.
HTH
Rick
10-17-2008 04:36 AM
Hi Rick,
Sorry I was away for a long time.
The tests will restart soon.
I will give a feed back soon
Cheers
Blaise
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide