04-03-2018 01:27 AM - edited 06-23-2020 12:31 AM
04-03-2018 01:46 AM
Hi there,
Did you have a fallback identity store configured on the AAA method? If so, you could create an ACL on your management network SVI to block the switches in question from being able to contact the TACACS server. This should cause the switch to time out and fall back to the second identity store, hopefully local.
Have you tried access via the console port?
cheers,
Seb.
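The approach suggested above, written out as an added Cisco IOS configuration sketch that is not part of the original post. The addresses, VLAN number, ACL name and local username are constructed placeholders, and the ACL is assumed to sit on the core device that hosts the management SVI.

```cisco
! --- Access switch: fallback depends on a second method in the list ---
! "local" is only tried when the TACACS+ server is unreachable (timeout),
! not when the server answers and rejects the login.
aaa new-model
aaa authentication login default group tacacs+ local
! Constructed local account; replace the placeholder with a real secret.
username admin privilege 15 secret <local-password>

! --- Core device: temporarily block the switch from reaching TACACS+ ---
! 192.0.2.10 = affected switch (constructed), 192.0.2.50 = TACACS+ server (constructed)
ip access-list extended BLOCK-TACACS
 deny tcp host 192.0.2.10 host 192.0.2.50 eq 49
 permit ip any any
!
! Vlan100 = management SVI (constructed). "in" matches traffic arriving
! from the switch on the management VLAN.
interface Vlan100
 ip access-group BLOCK-TACACS in

! --- After logging in with the local account, remove the block ---
! interface Vlan100
!  no ip access-group BLOCK-TACACS in
```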
04-03-2018 01:52 AM
Hi Seb,
Using the console port as below,
it does not prompt for the username at all.
04-03-2018 04:02 AM
Using the console port, does it prompt you for a password?
04-03-2018 04:40 AM
Nope, it only showed the banner...
That's all, and it keeps looping on the same screen output.
At least if it prompted for a username/password or >, I could key in something.
04-03-2018 05:17 AM
Have you tried the ACL to block TACACS traffic?
04-03-2018 05:36 AM
I haven't tried, but it is the same as if I disconnect the trunk port, correct?
I might do it outside office hours.
Cut off the connection, and I hope it goes to local.
04-03-2018 05:49 AM
Yes, disconnecting the uplink/trunk port to your core would have the same effect, although the ACL option could be done in production during office hours.