Solved: Hi,I don't think it should.

Colin Higgins · ‎12-10-2014

I am trying to configure an ASA 5545X running 8.3+ to use a tacacs+ server for authentication, but to failover to local authentication if the tacacs+ server is not available.

when I use the command aaa authentication ssh console TACACS+ LOCAL

it tells me "range already exists" and it doesn't take

What is the command for this? Can't seem to find it in documentation

Vibhor Amrodia · ‎12-13-2014

Hi,

I don't think it should. As the SSH connection is already established on the ASA device.

Still , you can try to add the other command using some other management access like telnet or ASDM if possible.

Thanks and Regards,

Vibhor Amrodia

View solution in original post

Vibhor Amrodia · ‎12-11-2014

Hi,

If you are seeing this prompt , it means that the configuration is already there.

Can you check using this command from the Privilege mode on ASA:-

"show run aaa" and you should see the command in the configuration.

Thanks and Regards,

Vibhor Amrodia

Colin Higgins · ‎12-11-2014

I type the command

aaa authentication ssh console TACACS+ LOCAL

and it tells me "range already exists"

If I do a show run aaa I get

aaa authentication ssh console TACACS+

no LOCAL.

I should point out that this is an ASA blade for a 6500 switch running 8.5(1)

Vibhor Amrodia · ‎12-11-2014

Hi,

Okay , just remove this command:-

no aaa authentication ssh console TACACS+

and then add the required one:-

aaa authentication ssh console TACACS+ LOCAL

Thanks and Regards,

Vibhor Amrodia

Colin Higgins · ‎12-12-2014

If I issue the command

no aaa authentication ssh console TACACS+

while ssh'd into the device, will it lock me out?

Vibhor Amrodia · ‎12-13-2014

Hi,

I don't think it should. As the SSH connection is already established on the ASA device.

Still , you can try to add the other command using some other management access like telnet or ASDM if possible.

Thanks and Regards,

Vibhor Amrodia

AAA authentication on ASA