03-31-2016 04:02 PM - edited 03-05-2019 03:41 AM
Hi,
I have a used Cisco ASR and I cannot get into the switch. It looks to me that it either has a local username and password OR the configuration had TACACS on it.
I would like to know, since it's now an offline, non-production router: if it had a TACACS configuration on the router, would the router still be prompting for the TACACS credentials if we try consoling to the router?
Please advise.
Thank you.
Cheers,
-Sanjay-
04-01-2016 12:19 AM
Hi,
Is it for an ASR router or switch?
Please post the sanitized config.
04-01-2016 10:04 PM
If it is offline, then the TACACS server is not reachable, so it will use the local username and password.
04-02-2016 08:26 AM
Hello
No, it wouldn't - usually when AAA is configured with TACACS it is wise to apply an alternative logon access in case the TACACS server is unreachable.
Usually you would specify the device's local user database also.
Personally, when I am working remotely I apply a "backdoor" access in the form of a rotary vty port. This gives me access even if TACACS is enabled.
When I am on site and have direct access to the console, as a small interim security measure I apply a console command - activation-character 64
This gives me a good measure of local security access without applying any global access control feature.
res
Paul
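An added example, not part of any post in this thread: a small Python check over IOS `aaa authentication login` lines that reports method lists with no fallback after the AAA server group, a fallback to `none`, or a `local` fallback with no `username` defined. The sample configurations, function names and finding strings are constructed for illustration.

```python
import re

LOCAL = {"local", "local-case"}

def login_method_lists(config):
    """Map each 'aaa authentication login' list name to its ordered methods."""
    lists = {}
    for line in config.splitlines():
        m = re.match(r"\s*aaa authentication login (\S+)\s+(.+)$", line)
        if not m:
            continue
        tokens, methods = m.group(2).split(), []
        while tokens:
            tok = tokens.pop(0)
            # "group tacacs+" / "group radius" / "group NAME" counts as one method
            methods.append(f"group {tokens.pop(0)}" if tok == "group" and tokens else tok)
        lists[m.group(1)] = methods
    return lists

def audit(config):
    """Return (list_name, finding) pairs for risky fallback behaviour."""
    has_user = re.search(r"^\s*username \S+", config, re.M) is not None
    findings = []
    for name, methods in login_method_lists(config).items():
        # Methods are tried in order; a later one is used only when the
        # earlier one returns an error (for example, server unreachable).
        fallback = [m for m in methods if not m.startswith("group ")]
        if len(fallback) == len(methods):
            continue  # no AAA server group in this list
        if not fallback:
            findings.append((name, "no fallback method"))
        if "none" in fallback:
            findings.append((name, "falls back to no authentication"))
        if LOCAL & set(fallback) and not has_user:
            findings.append((name, "local fallback but no username configured"))
    return findings

# Constructed sample configurations (not taken from the thread).
SERVER_ONLY = """aaa new-model
aaa authentication login default group tacacs+
"""
WITH_LOCAL = """aaa new-model
username admin privilege 15 secret 9 <hash-placeholder>
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE group tacacs+ none
"""

if __name__ == "__main__":
    for cfg in (SERVER_ONLY, WITH_LOCAL):
        print(audit(cfg))
```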