04-03-2018 01:27 AM - edited 06-23-2020 12:31 AM
04-03-2018 05:49 AM
Yes, disconnecting the uplink/ trunk port to your core would have the same effect, although the ACL option could be done in production during office hours.
04-03-2018 01:46 AM
Hi there,
Did you have a fallback identity store configured on the AAA method? If so, you could create an ACL on your management network SVI to block the switches in question from being able to contact the TACACS server. This should cause the switch to timeout and fallback to the second identity store, hopefully local.
Have you tried access via the console port?
cheers,
Seb.
04-03-2018 01:52 AM
Hi Seb,
using console port as below
not prompt at all for the username
04-03-2018 04:02 AM
Using the console port, does it prompt you for a password?
04-03-2018 04:40 AM
nope, only showed the banner...
that all, and it keep on looping on the same screen output.
at least if it prompt username/password or > , i can key in something
04-03-2018 05:17 AM
Have you tried the ACL to block TACACS traffic?
04-03-2018 05:36 AM
haven't try but it is the same as i disconnect the trunk port,correct?
I might do it during off office hours .
cut off the connection i hope it go to local
04-03-2018 05:49 AM
Yes, disconnecting the uplink/ trunk port to your core would have the same effect, although the ACL option could be done in production during office hours.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide