03-31-2016 04:02 PM - edited 03-05-2019 03:41 AM
Hi,
I have a used Cisco ASR and I cannot get into the switch. It looks to me that it either has a local username and password OR the configuration had TACACS on it.
I would like to know, since it's now an offline, non-production router: if it had a TACACS configuration on the router, would the router still be prompting for the TACACS credentials if we try consoling to the router?
Please advise.
Thank you.
Cheers,
-Sanjay-
04-01-2016 12:19 AM
Hi,
Is it for an ASR router or switch?
Please post the sanitized config.
04-01-2016 10:04 PM
If it is offline, then the TACACS server is not reachable, so it will use the local username and password.
04-02-2016 08:26 AM
Hello
No, it wouldn't. Usually when AAA is configured with TACACS it is wise to apply an alternative logon access in case the TACACS server is unreachable.
Usually you would specify the device's local user database also.
Personally, when I am working remotely I apply a "backdoor" access in the form of a rotary vty port. This gives me access even if TACACS is enabled.
When I am on site and have direct access to the console, as a small interim security measure I apply a console command: activation-character 64
This gives me a good measure of local security access without applying any global access control feature.
res
Paul
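An added example, not part of the original thread: a Python script that reads an IOS-style configuration and reports, for each line, which login methods follow the TACACS+ group and would therefore be tried when the server does not respond. The sample configuration and all function names are constructed for illustration, and the script assumes `aaa new-model` is enabled.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login VTY_ONLY group tacacs+
username admin secret <placeholder>
line con 0
line vty 0 4
 login authentication VTY_ONLY
"""

def parse_method_lists(config):
    """Return {list_name: [methods]}, with 'group X' collapsed into one method."""
    lists = {}
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        tokens, methods, i = m.group(2).split(), [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                methods.append("group " + tokens[i + 1])
                i += 2
            else:
                methods.append(tokens[i])
                i += 1
        lists[m.group(1)] = methods
    return lists

def line_bindings(config):
    """Return {line: list_name}; a line with no 'login authentication' uses 'default'."""
    bindings, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw[5:].strip()
            bindings[current] = "default"
        elif current and raw.startswith(" "):
            m = re.match(r"\s+login authentication (\S+)", raw)
            if m:
                bindings[current] = m.group(1)
        else:
            current = None
    return bindings

def audit(config):
    """Per line: methods tried after TACACS+ when the server gives no response.
    Later methods are used only on an error or timeout, not after a reject."""
    lists, report = parse_method_lists(config), {}
    for line, name in line_bindings(config).items():
        methods = lists.get(name, [])
        idx = methods.index("group tacacs+") if "group tacacs+" in methods else None
        fallback = methods[idx + 1:] if idx is not None else []
        report[line] = {"list": name, "methods": methods, "fallback": fallback}
    return report
```

Running `audit(SAMPLE_CONFIG)` on the constructed configuration shows the console falling back to the local user database while the VTY lines have no fallback at all.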