Solved: Re: line vty authentication question

gibsowe55 · ‎09-28-2018

Hello - I'm wondering if I'll be able to access a pre-configured switch after deployment without TACACS credentials. The line that reads login authentication *ACS username" (I've hidden the actual username) will this require TACACS? Or will the access-cass sshin in command let me in with local enable password?

line vty 0 4
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username"
length 0
transport input ssh
line vty 5 15
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username*
length 0
transport input ssh

Georg Pauwen · ‎09-28-2018

Exactly. Test this locally before sending the switch off though...

View solution in original post

Georg Pauwen · ‎09-28-2018

Hello,

'login authentication' under the VTY lines requires TACACS. Hoever, if you have 'local' configured in your aaa model, local enable password should work if TACACS is not available.

To be sure your config works, post it here in full...

gibsowe55 · ‎09-28-2018

Hi George - I found the line "aaa authentication login *ACS username* group tacacs+ local"

So you're saying the tacacs+ local portion will allow local login if tacacs isn't available?

Georg Pauwen · ‎09-28-2018

Exactly. Test this locally before sending the switch off though...