Hello all,

We encountered some strange problem with authentication via TACACS+. Logging into a switch via VTY works ok.... I enter my Username and PW and start at the priveledged exec prompt. But when I'm trying to log in via console, I won't get priviledge exec rights without entering an ena pass. This phenomenon occurs in diffrent IOS versions.

Config looks like that:

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ none

aaa authorization network default group tacacs+ local

aaa accounting send stop-record authentication failure

aaa accounting update newinfo periodic 15

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

!

username <User> privilege 15 password <somepass>

tacacs-server host x.x.x.x

tacacs-server host x.x.x.x

tacacs-server timeout 25

tacacs-server key <ourkey>

line con 0

exec timeout 0 0

line vty 0 4 aso.

Any Ideas?

Regards,

Sebastian