Re: How to bypass tacacs on console connection in cisco nexus 9000

Ramirov · ‎06-21-2019

Hi guys , I need to connect via console without pass/user or with local user/pass , but I have tacacs configured for all lines , I tried with aaa authentication login console none , but I think I have problems with aaa autho..

Should I remove the line aaa authorization commands console group TACACS+ local??

This is my actual config. Nexus 9000

aaa authentication login default group TACACS+
aaa authorization config-commands default group TACACS+ local
aaa authorization commands default group TACACS+ local
aaa authorization commands console group TACACS+ local
tacacs-server directed-request

Thanks in advance.

BR

Giuseppe Larosa · ‎06-21-2019

Hello Ramirov,

try the following

aaa authentication login CONSOLE local

line con 0

login authentication CONSOLE

Edit:

this is how it works on IOS. the command under the line con 0 is login authentication <name>

Hope to help

Giuseppe

Ramirov · ‎06-22-2019

Hello Giuseppe , is not the same on NXOS.

switch(config-console)# login ?
No matching command found in current mode, matching in (config) mode

in-failure Set options for failed login attempt
on-success Set options for successful login attempt

aamadulin.accenture · ‎08-16-2020

Hi Ramirov,

Are you able to solve this one? facing the same issue...

Ramirov · ‎08-17-2020

Yep ,

I add aaa authentication login console local and remove aaa authorization commands console