09-28-2018 08:24 AM
Hello - I'm wondering if I'll be able to access a pre-configured switch after deployment without TACACS credentials. The line that reads login authentication *ACS username" (I've hidden the actual username) will this require TACACS? Or will the access-cass sshin in command let me in with local enable password?
line vty 0 4
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username"
length 0
transport input ssh
line vty 5 15
access-class sshin in
privilege level 15
logging synchronous
login authentication *ACS username*
length 0
transport input ssh
Solved! Go to Solution.
09-28-2018 08:55 AM
Exactly. Test this locally before sending the switch off though...
09-28-2018 08:42 AM
Hello,
'login authentication' under the VTY lines requires TACACS. Hoever, if you have 'local' configured in your aaa model, local enable password should work if TACACS is not available.
To be sure your config works, post it here in full...
09-28-2018 08:53 AM
Hi George - I found the line "aaa authentication login *ACS username* group tacacs+ local"
So you're saying the tacacs+ local portion will allow local login if tacacs isn't available?
09-28-2018 08:55 AM
Exactly. Test this locally before sending the switch off though...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide