11-10-2006 01:05 PM - edited 03-03-2019 02:40 PM
I have a requirement to provide user-exec access to a router(s).
These routers are normally on TACACS, but when TACACS is unreachable, they need to log in with local credentials that are different from that of the engineering team.
How can I set up user exec access that will authenticate locally without giving them the enable password?
11-10-2006 04:06 PM
You configure a username, password and the desired privilege level. Then in the aaa configuration just put local after tacacs.
11-10-2006 06:49 PM
Todd
Paolo has given the answer that seems to meet your requirements. There is an aspect that you need to consider before you implement this. When you configure aaa authentication you can list several methods. The router attempts to use the first method, and if there is an error it will try the next method. So if you configure aaa authentication listing tacacs as the first method and listing local as the second method, then the router will attempt tacacs, and if there is an error it will prompt for a user name and password which are configured on the router. Be aware that it will do this for all users. Your post indicated that these users would have access rights different from the engineering group. With the suggestion from Paolo it will treat both groups the same, and you will need a configured name and password not only for these users but also for the engineering group. Is that OK?
HTH
Rick
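Added example, not part of the original posts: one way the configuration discussed in the replies above could look in IOS, with a local user-exec account and a separate local engineering account for when TACACS is unreachable. The usernames and the bracketed secrets are placeholders, and it is assumed that the TACACS+ servers are already defined on the router.

```ios
! Added example; usernames and <...> secrets are placeholders, not values from the thread.
aaa new-model
!
! Local accounts. They are consulted only when the TACACS+ method returns an
! error (server unreachable). The fallback applies to every user, so both
! groups need a local entry.
username support-fallback privilege 1 secret <SUPPORT-SECRET-PLACEHOLDER>
username eng-fallback privilege 15 secret <ENGINEERING-SECRET-PLACEHOLDER>
!
! Login: try TACACS+ first, then the local username database.
aaa authentication login default group tacacs+ local
!
! Enable: try TACACS+ first, then the enable secret. The enable secret is not
! given to the user-exec group, so their account stays at privilege level 1.
aaa authentication enable default group tacacs+ enable
enable secret <ENABLE-SECRET-PLACEHOLDER>
!
! Exec authorization, so the privilege level set on the local username is
! applied at login when the router falls back to the local database.
aaa authorization exec default group tacacs+ local
```

Fallback can be checked in a maintenance window by making the TACACS+ servers unreachable from the router and confirming that the user-exec account lands at privilege level 1 (`show privilege`) and is refused at the `enable` prompt.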