02-10-2005 01:00 AM - edited 02-20-2020 11:55 PM
Hi,
We are using ACS TACACS+ for telnet security on our Cisco devices, but we are also using a DC database for authentication, and if the database goes down, authentication stops. At this time the Cisco device is still searching for the TACACS server and does not allow telnet.
We have been using the configuration below recently, but now it is not working...
!
aaa authentication login LOCAL local
!
line vty4
login authentication LOCAL
Thanks
02-16-2005 07:41 AM
Strange, but one workaround could probably be to remove the configuration for it to contact TACACS+.
02-16-2005 11:31 PM
I think you didn't understand my question.
When the TACACS server is working and LDAP goes down,
I cannot telnet to the device.
I am searching for a backup configuration...
02-17-2005 06:03 AM
I do not understand your question. You say that you are using TACACS, but the configuration that you show does not have any TACACS in it at all and just uses local authentication. Where is the TACACS, and what is the problem?
I have configured aaa and TACACS on a variety of boxes and find that a configuration like this works well:
aaa authentication login default group tacacs+ line
This allows the router to use TACACS for login authentication and if TACACS is not available (or if the external database is not available) it will use the local line passwords. Or if you have user name and passwords configured on the router you could configure:
aaa authentication login default group tacacs+ local
In my experience if the TACACS server can not access the external database then it returns an unable to process response to the router and the router is able to use the backup method.
HTH
Rick
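The fallback behaviour discussed in this thread can be checked offline against a saved configuration. The following is an added example, not code from any poster or from Cisco: it parses `aaa authentication login` method lists and reports the ones that would refuse every login if TACACS+ returned an error. The sample configuration and the list name TAC_ONLY are constructed, and ERROR is assumed to cover both an unreachable server and the "unable to process" response described above.

```python
import re

# Constructed sample configuration (not taken from the thread's devices).
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login TAC_ONLY group tacacs+
aaa authentication login LOCAL local
"""

def login_method_lists(config):
    """Return {list_name: [methods]} from 'aaa authentication login' lines."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+) (.+)", line)
        if m:
            # 'group tacacs+' is a single method; collapse it to one token.
            methods = re.sub(r"group\s+", "group:", m.group(2)).split()
            lists[m.group(1)] = methods
    return lists

def evaluate(methods, outcomes):
    """Walk a method list in order.

    Only ERROR (the method could not give an answer) moves on to the next
    method. PASS or FAIL from any method is final, so a rejected password
    on TACACS+ never falls through to local.
    """
    for method in methods:
        result = outcomes.get(method, "ERROR")
        if result != "ERROR":
            return method, result
    return None, "DENY"  # every method errored: the login is refused

def audit(config):
    """Names of method lists that lock out logins when TACACS+ errors."""
    tacacs_down = {"group:tacacs+": "ERROR", "local": "PASS", "line": "PASS"}
    return sorted(
        name
        for name, methods in login_method_lists(config).items()
        if evaluate(methods, tacacs_down)[1] != "PASS"
    )

if __name__ == "__main__":
    print("No usable fallback:", audit(SAMPLE))
```
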