Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
841
Views
4
Helpful
2
Replies

Tacacs Issue - Unable to login with Local Account

kannan.kannan
Level 1
Level 1

‎06-11-2013 11:30 PM - edited ‎03-07-2019 01:50 PM

Hi Team,

We created some local account for this switch but we unable to login when the TACACS Server down.

Please check the below config to verify and let me know is there any config issue.

3750 Switch


aaa group server tacacs+ ACS

server x.x.x.x

server x.x.x.x

ip vrf forwarding Mgmt

ip tacacs source-interface GigabitEthernet0

!

aaa authentication login default group ACS local

aaa authentication login console group ACS local

aaa authorization console

aaa authorization exec default group ACS local

aaa authorization exec console if-authenticated

aaa authorization commands 1 default group ACS local

aaa authorization commands 15 default group ACS local

----------

username xxxx privilege 15 password 7 xxx

username xxxxx privilege 15 password 7 xxxx

username xxxxx privilege 15 password 7 xxxx

username xxxxxx privilege 15 password 7 xxxx

username xxxxxx privilege 15 password 7 xxxx

username xxxxxx privilege 15 password 7 xxxx

username admin privilege 15 secret 4 xxxx

---------

tacacs-server host x.x.x.x key 7 xxxxxxx

tacacs-server host x.x.x.x key 7 xxxxxxx

tacacs-server directed-request

!

--------------

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

password 7 xxxxxx

transport input ssh

line vty 5 15

transport input ssh

!

end

-----------------------------------------------------------------------------

interface GigabitEthernet0

vrf forwarding Mgmt

ip address x.x.x.x 255.255.254.0

speed 100

no negotiation auto

end

Thanks & Regards,

Kannan

Labels:
0 Helpful
2 Replies 2

kcnajaf
Level 7
Level 7

‎06-12-2013 12:29 AM

HI Kannan,

Try this

config terminal

line vty 0 4

login authentication ACS

Hope  that helps

Regards

Najaf

Please rate when applicable or helpful !!!

cadet alain
VIP Alumni
VIP Alumni

‎06-12-2013 12:37 AM

Hi,

you have 2 methods of authentication for login, the default and one called console :

aaa authentication login default group ACS local

aaa authentication login console group ACS local

So get rid of second one :

no aaa authentication login console group ACS local

aaa authentication login default group ACS local

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card