09-28-2018 08:24 AM
Hello - I'm wondering if I'll be able to access a pre-configured switch after deployment without TACACS credentials. The line that reads login authentication *ACS username" (I've hidden the actual username) will this require TACACS? Or will the access-cass sshin in command let me in with local enable password?
line vty 0 4
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username"
length 0
transport input ssh
line vty 5 15
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username*
length 0
transport input ssh
Solved! Go to Solution.
09-28-2018 08:55 AM
Exactly. Test this locally before sending the switch off though...
09-28-2018 08:42 AM
Hello,
'login authentication' under the VTY lines requires TACACS. Hoever, if you have 'local' configured in your aaa model, local enable password should work if TACACS is not available.
To be sure your config works, post it here in full...
09-28-2018 08:53 AM
Hi George - I found the line "aaa authentication login *ACS username* group tacacs+ local"
So you're saying the tacacs+ local portion will allow local login if tacacs isn't available?
09-28-2018 08:55 AM
Exactly. Test this locally before sending the switch off though...
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: