- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2021 06:02 AM
aaa authentication login default group tacacs+ local does this line cover the rest below it?aaa authentication login console group tacacs+ local should i delete these?aaa authentication login ssh group tacacs+ local should i delete these?
from my understanding default covers all lines including console and vty right?
i saw this config online and wondering why they used the extra two crossed ones
never saw this one before: aaa authentication login ssh group tacacs+ local
Solved! Go to Solution.
- Labels:
-
AAA
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2021 06:20 AM
@enzo80 in this instance "console" and "ssh" are custom defined aaa method lists, they need to be explicitly defined under the VTY lines, if not, they will not be used. The default method list is automatically applied to the VTY line and will be used if no custom defined method list is applied. A custom defined would override the default method list only if configured on the VTY line.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-03-2021 06:09 AM - edited 12-03-2021 06:12 AM
aaa authentication login default local group tacacs+
check below document explained :
If you looking different method on console - you make different options.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2021 03:49 AM
for example if i added:
aaa authentication login default group tacacs+
aaa authentication login ssh group tacacs+ local
and under line vty 0 4:
transport input ssh
if the user pass the first login line, does cisco OS read the second auth lines too?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2021 03:57 AM - edited 12-04-2021 07:52 AM
...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2021 06:20 AM
@enzo80 in this instance "console" and "ssh" are custom defined aaa method lists, they need to be explicitly defined under the VTY lines, if not, they will not be used. The default method list is automatically applied to the VTY line and will be used if no custom defined method list is applied. A custom defined would override the default method list only if configured on the VTY line.
