cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2736
Views
0
Helpful
5
Replies

Default password is working with Tacacs+ switch

Hello all,

i`ve been facing some issues lately.

we use tacacs+ for our switches to authenticate and authorize. But we noticed that no matter username is, when we type password "cisco" we can log in to switch.

Anyone faced this issue before or know why it is like this?

login as: cisco

Using keyboard-interactive authentication.

password:

Using keyboard-interactive authentication.

Password:

************************* WARNING MESSAGE *************************

* USE OF THIS SYSTEM IS RESTRICTED TO AUTHORISED USERS ONLY.      *

* UNAUTHORISED ACCESS OR USE IS PROHIBITED. YOU MUST HAVE         *

* EXPLICIT PERMISSION TO ACCESS THIS DEVICE. YOUR ACTIONS ON THIS *

* SYSTEM IS LOGGED AND VIOLATORS WILL BE PROSECUTED.              *

*                      AUTHORISED USE ONLY                        *

************************* WARNING MESSAGE *************************

switch1>

5 Replies 5

cadet alain
VIP Alumni
VIP Alumni

Hi,

Can you post your config.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hello,

Below is my configuration for log in:

aaa authentication login VTY-LOGIN group TACACS local-case enable

aaa authentication login CONSOLE group TACACS local-case none

aaa authentication enable default group TACACS enable line none

aaa authorization exec EXEC-AUTH group TACACS if-authenticated local none

aaa authorization commands 1 COMMANDS-1-AUTH group TACACS if-authenticated local none

aaa authorization commands 15 COMMANDS-15-AUTH group TACACS if-authenticated local none

aaa accounting exec EXEC-ACCOUNTING start-stop group TACACS

aaa accounting commands 1 COMMANDS-1-ACCT start-stop group TACACS

aaa accounting commands 15 COMMANDS-15-ACCT start-stop group TACACS

Hi,

Can you perform debug aaa authentication while login and post output here.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I believe that the output of show tacacs might be helpful.

HTH

Rick

HTH

Rick

Hi,

yes indeed you're right Richards and this was going to be my next request  after viewing the debug output.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Review Cisco Networking for a $25 gift card