cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

211
Views
5
Helpful
5
Replies
Beginner

unable to login via radius user and switch local username

Hi,

 

aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable

 

username admin1 password 7 13173623092A256658743630

 

I am trying to login to the switch using tacacs but due to tacacs server issue, i cant login. Therefore I tried to login using local username admin1 but it rejected as well.

Am i correct to say that if tacacs server down, username "admin1" can login using unencrypted password above?

 

5 REPLIES 5
Advocate

Re: unable to login via radius user and switch local username

Hi @getaway51 

 

Am i correct to say that if tacacs server down, username "admin1" can login using unencrypted password above?

 

You are correct


Maybe you could give more background to try to find out why the device does not allow logging.

 

Regards

 

Beginner

Re: unable to login via radius user and switch local username

Hi,

 

Currently i cant login via tacacs and also not via the local user-admin1. not sure why

Anyway if i plug in console, do i use tacacs or local user?

Highlighted

Re: unable to login via radius user and switch local username

 

It looks like the device could reach to the tacacs server, but user authentication failed. As a result, it could not failover to local database. It could be due to either mis-configuration of tacacs on the switch, or failed authentication. 

 

You can attempt login on console port using local username/password. If it is not working, I would login to the upstream switch/router: block traffic from the switch to the tacacs server using ACL (be careful when you write the ACL), login using the local username/password, and double check the tacacs configuration on the switch.

 

HTH,

Meheretab

Beginner

Re: unable to login via radius user and switch local username

Hi,

 

Does it means login via console port must use local username or tacacs? 

Wht CLI define this?

Re: unable to login via radius user and switch local username

 

From the configuration you shared, aaa authentication login default group tacacs+ local, I saw that you are using the default list which is applied to all login connections (such as vty, console, aux). As a result, login from console is also authenticated using tacacs server followed by local. 

 

If you want to read more, please look at the following page:-  https://www.cisco.com/c/en/us/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10384-security.html#login_auth

 

HTH,

Meheretab

CreatePlease to create content
Content for Community-Ad