Showing results for 
Search instead for 
Did you mean: 

Trouble with Line vty commands while implementing Tacacs+ on Cisco WS-C3850-12X48U Denali 16.3.3

Level 1
Level 1

Hello All,


 This is my first post in the community. I hate that it has to be such a simple one, but I feel like I'm either missing something really simple or there could be a bug. So I am in the process of implementing cisco ISE 2.3.098. When entering AAA configs on the switch, the "login authentication default" command doesn't register. It will allow me to input it with no errors, but when I look at the line vty, it doesn't show. Any help will be GREATLY appreciated.



Here are snippets of the config:


Config's I enter
tacacs server ise_tacacs+
aaa group server tacacs+ ise_tacacs+
server x.x.x.x
aaa authentication login default group tacacs+ local
aaa authorization network default if-authenticated
aaa authorization exec default if-authenticated
aaa accounting network default start-stop group ise_tacacs+
aaa accounting exec default start-stop group ise_tacacs+
line vty 0 15

session-timeout 5
logging sync
transport input ssh
login authentication default
Results after I input the commands
switch# show run | s line vty
line vty 0 4
session-timeout 5
logging synchronous
transport input ssh
line vty 5 15
session-timeout 5
transport input ssh
Show version
switch# show ver
Cisco IOS Software [Denali], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.3.3, RELEASE SOFTWARE (fc3)
Technology-package Technology-package
Current Type Next reboot
ipbasek9 Permanent ipbasek9

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 62 WS-C3850-12X48U 16.3.3 CAT3K_CAA-UNIVERSALK9 INSTALL




1 Reply 1

Level 1
Level 1



"login authentication default" is the default, it will not show up in the configs. If you defined some other method list and applied it to the vty lines, it would show in the config.