12-03-2021 06:02 AM
aaa authentication login default group tacacs+ local does this line cover the rest below it?aaa authentication login console group tacacs+ local should i delete these?aaa authentication login ssh group tacacs+ local should i delete these?
from my understanding default covers all lines including console and vty right?
i saw this config online and wondering why they used the extra two crossed ones
never saw this one before: aaa authentication login ssh group tacacs+ local
Solved! Go to Solution.
12-04-2021 06:20 AM
@enzo80 in this instance "console" and "ssh" are custom defined aaa method lists, they need to be explicitly defined under the VTY lines, if not, they will not be used. The default method list is automatically applied to the VTY line and will be used if no custom defined method list is applied. A custom defined would override the default method list only if configured on the VTY line.
12-03-2021 06:09 AM - edited 12-03-2021 06:12 AM
aaa authentication login default local group tacacs+
check below document explained :
If you looking different method on console - you make different options.
12-04-2021 03:49 AM
for example if i added:
aaa authentication login default group tacacs+
aaa authentication login ssh group tacacs+ local
and under line vty 0 4:
transport input ssh
if the user pass the first login line, does cisco OS read the second auth lines too?
12-04-2021 03:57 AM - edited 12-04-2021 07:52 AM
...
12-04-2021 06:20 AM
@enzo80 in this instance "console" and "ssh" are custom defined aaa method lists, they need to be explicitly defined under the VTY lines, if not, they will not be used. The default method list is automatically applied to the VTY line and will be used if no custom defined method list is applied. A custom defined would override the default method list only if configured on the VTY line.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: