07-07-2014 04:21 AM - edited 03-03-2019 07:30 AM
My network has a Secure ACS ver 5.30.40 and client 3750 IOS 12.2(44)SE5
aaa new-model
aaa authentication login default local group tacacs+
aaa authentication enable default group tacacs+ enable
aaa authentication console
aaa authentication exec default group tacacs+ local
aaa accounting command 15 default start-stop tacacs+
tacacs-server host X.X.X.X
tacacs-server directed-request
tacacs-server key X.X.X.X:
When a user attempts to login and access deny is returned.
Solved! Go to Solution.
08-30-2014 12:22 PM
I do not have a good understanding of the problem described by the original poster. There are multiple authentication methods configured and it is not clear which of them the user might be using. Lacking any specific information I will assume that this is the authentication method in question
aaa authentication login default local group tacacs+
And there is something unusual about this configuration. It specifies the primary authentication method as local with tacacs as the backup method. The more usual configuration would look like this
aaa authentication login default group tacacs+ local
I also find the description of the problem confusing. The original poster says that access deny is returned which sounds like he is seeing tacacs activity. But if I am correct about the authentication method being used then local authentication is the primary method. Perhaps the original poster can provide some clarification.
HTH
Rick
08-27-2014 10:31 AM
hello - this discussion was originally published in a community that does not show discussions. as well as is not an area for technical questions. I will move this post to Network Infrastructure Other subjects.
08-30-2014 12:22 PM
I do not have a good understanding of the problem described by the original poster. There are multiple authentication methods configured and it is not clear which of them the user might be using. Lacking any specific information I will assume that this is the authentication method in question
aaa authentication login default local group tacacs+
And there is something unusual about this configuration. It specifies the primary authentication method as local with tacacs as the backup method. The more usual configuration would look like this
aaa authentication login default group tacacs+ local
I also find the description of the problem confusing. The original poster says that access deny is returned which sounds like he is seeing tacacs activity. But if I am correct about the authentication method being used then local authentication is the primary method. Perhaps the original poster can provide some clarification.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: