10-12-2017 07:59 AM - edited 03-08-2019 12:20 PM
If I have the following AAA configs, do I still need to enter "login loca" under the line console 0 and line vty 0 15 lines in order to use the local user account configured on the device to access the device if AAA is down?
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Solved! Go to Solution.
10-12-2017 08:23 AM - edited 10-12-2017 08:24 AM
Heres a working one may help when ACS server is down it reverts back to username and local passwords
aaa group server tacacs+ XLNX
server-private X.X.X.X key 7 151F4E36366F237D2A64637F404632483002187F7D
server-private X.X.X.X key 7 1214402D204E045D287C7275607406583642422678
ip vrf forwarding Mgmt-vrf
ip tacacs source-interface GigabitEthernet0/0/5
!
aaa authentication login default group XLNX local enable
aaa authentication enable default group XLNX enable
aaa authorization exec default group XLNX local
aaa accounting exec default start-stop group XLNX
aaa accounting commands 0 default start-stop group XLNX
aaa accounting commands 1 default start-stop group XLNX
aaa accounting commands 15 default start-stop group XLNX
aaa accounting network default start-stop group XLNX
aaa accounting connection default start-stop group XLNX
aaa accounting system default start-stop group XLNX
line vty 0 4
exec-timeout 30 0
length 0
transport input ssh
username netadmin secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
10-12-2017 08:15 AM
No, you don't. As long as you have a local user name and password on the device, you should be good to go.
HTH
10-12-2017 08:23 AM - edited 10-12-2017 08:24 AM
Heres a working one may help when ACS server is down it reverts back to username and local passwords
aaa group server tacacs+ XLNX
server-private X.X.X.X key 7 151F4E36366F237D2A64637F404632483002187F7D
server-private X.X.X.X key 7 1214402D204E045D287C7275607406583642422678
ip vrf forwarding Mgmt-vrf
ip tacacs source-interface GigabitEthernet0/0/5
!
aaa authentication login default group XLNX local enable
aaa authentication enable default group XLNX enable
aaa authorization exec default group XLNX local
aaa accounting exec default start-stop group XLNX
aaa accounting commands 0 default start-stop group XLNX
aaa accounting commands 1 default start-stop group XLNX
aaa accounting commands 15 default start-stop group XLNX
aaa accounting network default start-stop group XLNX
aaa accounting connection default start-stop group XLNX
aaa accounting system default start-stop group XLNX
line vty 0 4
exec-timeout 30 0
length 0
transport input ssh
username netadmin secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
10-12-2017 09:18 AM
10-12-2017 09:51 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide