cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
0
Helpful
3
Replies

Standalone switch with TACACS configuration

sanjaynadarajah
Level 1
Level 1

Hi,

I have a used Cisco ASR and I cannot get into the switch. It looks to me that it either has a local username and password OR the configuration had TACACS on it.

I would like to know since its a now an offline, non-production router;  if it had tacacs configuration on the router, would the router still be prompting for  the TACACS credentials if we try consoling to the router ?

Please advise.

Thank you.

Cheers,

-Sanjay-

3 Replies 3

johnlloyd_13
Level 9
Level 9

hi,

is it for an ASR router or switch?

please post the sanitized config.

If it is offline, then the TACACS server not reachable so will use the local username and password

Hello

 no it wouldn't - Usually when AAA is configured with Tacacs it is wise to apply a alternative logon access in case the Tacacs server Is unreachable 

Usually you would specify the devices local user database also

Personally when am I working remotely I apply a "backdoor" access in the form of a rotary vtty port- This gives me access even if Tacacs is enabled 

When I am on site and have direct access to the console as an small interim security measure I apply a console command -  activation-character 64

This gives me a good measure of local security access without applying any global access control feature

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco