12-28-2016 03:59 PM
Hello, I have an issue with the following tacacs config:
enable password blabla123!
aaa authentication login default tacacs enable
aaa authentication enable default tacacs enable
line telnet
login authentication default
enable authentication default
password blabla456!
line ssh
login authentication default
enable authentication default
password blabla789!
!
So my goal is to use tacas as the default authentication mechenism and fallback to the enable password if tacacs is unavailable. All works fine with tacacs. When tacacs is unavailable I get prompted for a password instead of a username. So far all works as expected. Now I try to enter the configured enable password or any of the other configered passwords, but all fail to work. Pressing enter instead (so no password) will grant me access to the exec level, that is totally wrong! From exec I can then enter the enable mode by supplying the enable password.
Is the entering of exec level without a password a bug or is my configuration wrong?
Running 1.4.0.88
01-09-2017 08:26 AM
Hello, I want to supply this issue with some extra information and experience:
All in all it is quite frustrating that all the basic knowledge that Cisco owns in IOS/XE/XR is not really incorporated into this OS. Some feedback would be appreciated.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide