cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
183
Views
0
Helpful
3
Replies
sanjaynadarajah
Beginner

Standalone switch with TACACS configuration

Hi,

I have a used Cisco ASR and I cannot get into the switch. It looks to me that it either has a local username and password OR the configuration had TACACS on it.

I would like to know since its a now an offline, non-production router;  if it had tacacs configuration on the router, would the router still be prompting for  the TACACS credentials if we try consoling to the router ?

Please advise.

Thank you.

Cheers,

-Sanjay-

3 REPLIES 3
johnlloyd_13
Engager

hi,

is it for an ASR router or switch?

please post the sanitized config.

Richard Bradfield
Frequent Contributor

If it is offline, then the TACACS server not reachable so will use the local username and password

paul driver
VIP Mentor

Hello

 no it wouldn't - Usually when AAA is configured with Tacacs it is wise to apply a alternative logon access in case the Tacacs server Is unreachable 

Usually you would specify the devices local user database also

Personally when am I working remotely I apply a "backdoor" access in the form of a rotary vtty port- This gives me access even if Tacacs is enabled 

When I am on site and have direct access to the console as an small interim security measure I apply a console command -  activation-character 64

This gives me a good measure of local security access without applying any global access control feature

res

Paul



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future