Cisco switch console login

Mr.JoVen · ‎03-04-2019

Hello,

I have a Cisco 2960X stacked switch.

I've configured central login via our TACACS+ service, which works without issue.

But I've come across, that I can't log in via the console cable to the switch.

I've tried several setting for the AAA Authentication command, but without success.

Here is my current configuration:

2960X-***-Stack#show running-config aaa
!
aaa authentication login default group tacacs+ local
aaa authentication login ssh group tacacs+ local
aaa authentication login telnet local
aaa authentication login console local
aaa authorization exec default group tacacs+ local if-authenticated
aaa authorization exec console local if-authenticated
username admin privilege 15 secret 5 ******
username pro-support privilege 15 password 7 *******

----

2960X-***-Stack#show running-config | begin line
line con 0
logging synchronous
login authentication console

I can login with the local username / password, but the local enable won't work.

I hope you can help.

Kind regards

Jonas Vendelboe

CCNA R&S

Mark Malone · ‎03-04-2019

Hi
You need local enable
working one of mine , nothing required vty

!
aaa group server tacacs+ xtacacs
server-private x.x.x.x key 7 05064335130946501B52414F584D20611A7069141B
server-private x.x.x.x key 7 020B4161394307784E195F44565636403D506B0C0A
ip tacacs source-interface xxxx
!
aaa authentication login default group xtacacs local enable
aaa authentication enable default group xtacacs enable
aaa authorization exec default group xtacacs local
aaa accounting exec default start-stop group xtacacs
aaa accounting commands 0 default start-stop group xtacacs
aaa accounting commands 1 default start-stop group xtacacs
aaa accounting commands 15 default start-stop group xtacacs
aaa accounting network default start-stop group xtacacs
aaa accounting connection default start-stop group xtacacs
aaa accounting system default start-stop group xtacacs

line vty 0 4
access-class xxx in
exec-timeout 30 0
transport input ssh