07-05-2012 05:44 AM - edited 03-10-2019 07:16 PM
Hello guys,
I've noticed a strange behaviour with AAA authentication login.
My AAA configuration for login authentication is:
aaa authentication login default group tacacs+ local
No TACACS server exists, but a username and password in the local database do. Indeed everything works fine when I log in:
aaa authentication login default group tacacs+ local line none
The problem comes up when I add to the method list line and none authentication methods.
In this case, when I log into the switch (via console for example) and I'm asked for a username, there is no validation of the username; I mean to say, I can put whatever username and be granted access.
Conclusion: According to my aaa authentication list, method line or none should not be used unless tacacs and local are not available. In this case, local method is available and should fail so login should be rejected, but it jumps to the next method, finally giving access.
Is this a bug in AAA, or am I misunderstanding something?
Thanks a lot.
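A configuration check for the method list in the post above, added here as an example and not part of the original post: it parses "aaa authentication login" lines and flags methods that never validate a username (none, line, enable). The VTY list name and the sample configuration are constructed for illustration.

```python
import re

# Login methods that accept a session without validating the username.
WEAK_METHODS = {
    "none": "no authentication at all once this method is reached",
    "line": "only the line password is checked, any username is accepted",
    "enable": "only the enable password is checked, any username is accepted",
}

LOGIN_LIST = re.compile(r"^\s*aaa authentication login (\S+)\s+(.+)$")


def parse_methods(line):
    """Return (list_name, [methods]) for an 'aaa authentication login' line, else None."""
    m = LOGIN_LIST.match(line)
    if not m:
        return None
    tokens = m.group(2).split()
    methods, i = [], 0
    while i < len(tokens):
        # 'group <name>' and 'cache <name>' are two-word methods.
        if tokens[i] in ("group", "cache") and i + 1 < len(tokens):
            methods.append(f"{tokens[i]} {tokens[i + 1]}")
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return m.group(1), methods


def audit(config_text):
    """Return findings as (list_name, position, method, reason) tuples."""
    findings = []
    for line in config_text.splitlines():
        parsed = parse_methods(line)
        if parsed is None:
            continue
        name, methods = parsed
        for pos, method in enumerate(methods, start=1):
            if method in WEAK_METHODS:
                findings.append((name, pos, method, WEAK_METHODS[method]))
    return findings


# Constructed sample: the 'default' list is the one from the post;
# the 'VTY' list name is hypothetical.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local line none
aaa authentication login VTY group tacacs+ local
"""
```

Running audit() over a saved running-config lists every login method list that can end in a method with no username check, together with the position at which that method is tried.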