can't login to switch using Tacacs and local user

1 Accepted Solution

Yes, disconnecting the uplink/trunk port to your core would have the same effect, although the ACL option could be done in production during office hours.

7 Replies

Seb Rupik
VIP Alumni

Hi there,

Did you have a fallback identity store configured on the AAA method? If so, you could create an ACL on your management network SVI to block the switches in question from being able to contact the TACACS server. This should cause the switch to time out and fall back to the second identity store, hopefully local.

Have you tried access via the console port?

cheers,

Seb.

Hi Seb,

Using the console port as below, it does not prompt at all for the username.

Using the console port, does it prompt you for a password?

Nope, it only showed the banner...
That's all, and it keeps on looping on the same screen output.
At least if it prompted for username/password or >, I could key in something.

Have you tried the ACL to block TACACS traffic?

I haven't tried it, but it is the same as if I disconnect the trunk port, correct?

I might do it during off-office hours.

Cut off the connection; I hope it goes to local.

Yes, disconnecting the uplink/trunk port to your core would have the same effect, although the ACL option could be done in production during office hours.
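A sketch of the ACL approach discussed in this thread, added here as an example and not posted by any participant. All addresses, the VLAN ID, the ACL name, the local username and the AAA method list shown are constructed assumptions, not values from the poster's network.

```cisco
! --- On the core switch (constructed addresses and names) ---
! 192.0.2.10 = locked-out access switch, 192.0.2.50 = TACACS+ server
ip access-list extended BLOCK-TACACS-TEMP
 deny   tcp host 192.0.2.10 host 192.0.2.50 eq 49
 permit ip any any
!
interface Vlan10
 description Management SVI (assumed VLAN ID)
 ip access-group BLOCK-TACACS-TEMP in
!
! Confirm the deny entry is matching while a login is attempted:
!   show ip access-lists BLOCK-TACACS-TEMP
!
! --- What the access switch must already have for fallback to work ---
! "local" is tried only when no TACACS+ server answers, not when the
! server answers and rejects the credentials.
aaa new-model
aaa authentication login default group tacacs+ local
! Hypothetical local account; <local-password> is a placeholder.
username admin privilege 15 secret <local-password>
!
! --- Remove the temporary block once access is restored ---
interface Vlan10
 no ip access-group BLOCK-TACACS-TEMP in
!
no ip access-list extended BLOCK-TACACS-TEMP
```

The ACL only has an effect if the switch's TACACS+ traffic is routed through that SVI; if the server sits in the same VLAN as the switch's management address, the traffic never reaches the SVI. Only the one switch's TCP/49 traffic is denied, so other devices keep authenticating normally.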
