761
Views
15
Helpful
6
Replies
Contributor

How to Go directly into priv mode with local account and AAA configured

I would like to know how to go directly into privileged mode using a local account (if TACACS is down). I tried doing different "if-authenticated configs" and it still prompts for an enable password to go into enable mode. Also, is there anything else I need to add under line console 0 if I want to always use local accounts to access the line con 0?

Here are my AAA configs:

 

aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

6 REPLIES
Collaborator

Re: How to Go directly into priv mode with local account and AAA configured

Hi,

 

what is the configuration of the local user account? It should be something like:

username XXXX privilege XXXX secret XXXX

For console login to use local account, make sure you have a local account and try the following:

 

aaa authentication login console-login local

 

line console 0

     login authentication console-login

 

Thanks

John

 

**Please rate posts you find helpful**
Contributor

Re: How to Go directly into priv mode with local account and AAA configured

Yes it is priv 15 for user account.
I thought the AAA authentication will apply to all mgmt. ports (mgmt., line con, vty, etc.)?
Contributor

Re: How to Go directly into priv mode with local account and AAA configured

Yes username is priv 15.
If I don't add the AAA authentication config and line con 0 config you described, will I still be prompted to enter my TACACS creds if the server is up when attempting to console into a device?
VIP Mentor

Re: How to Go directly into priv mode with local account and AAA configured

Hello,

The below gets you directly into enable mode when using the local account. Is this what you are looking for?

username admin privilege 15 secret cisco
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated

 

line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1

Contributor

Re: How to Go directly into priv mode with local account and AAA configured

Oh OK, so I should take out the "line enable" from my 1st AAA config line, and then add: privilege level 15 under line vty 0 4? What about vty 5 15?
VIP Mentor

Re: How to Go directly into priv mode with local account and AAA configured

Exactly.

And yes, configure vty 5 15 in the same way as 0 4.
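
As an added example, not part of any post in this thread: a small Python check that reads IOS-style configuration text and reports, for each line, which login method list applies, which methods remain when no TACACS+ server responds, and which line settings are worth reviewing. The function names, the finding labels and the sample text assembled from the posted configs are this example's own.

```python
import re

# Constructed sample: login lists and line settings as posted in this thread.
SAMPLE = """\
aaa authentication login default group tacacs+ local line enable
aaa authentication login console-login local
line console 0
 login authentication console-login
line vty 0 4
 exec-timeout 0 0
 privilege level 15
line vty 5 15
"""
RISKY = [("exec-timeout 0 0", "idle timeout disabled"),
         ("privilege level 15", "line default privilege is 15")]

def parse(config):
    """Return (login method lists, per-line settings) from IOS-style text."""
    login_lists, lines, current = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", text)
        if m:
            # "group tacacs+" is one method; fold it into a single token.
            login_lists[m.group(1)] = m.group(2).replace("group ", "group:").split()
        elif text.startswith("line "):
            current = lines.setdefault(text[5:], [])
        elif raw.startswith(" ") and current is not None:
            current.append(text)
    return login_lists, lines

def audit(config):
    """Map each line to its login list, non-server methods, and findings."""
    login_lists, lines = parse(config)
    report = {}
    for name, settings in lines.items():
        chosen = [s.split()[-1] for s in settings if s.startswith("login authentication ")]
        list_name = chosen[-1] if chosen else "default"
        methods = login_lists.get(list_name, [])
        # Later methods run only when an earlier one errors (no server answer), not on a reject.
        fallback = [m for m in methods if not m.startswith("group:")]
        findings = [] if "local" in fallback else ["no local fallback"]
        shared = [m for m in fallback if m in ("line", "enable")]
        if shared:
            findings.append("shared-password methods: " + ", ".join(shared))
        findings += [note for setting, note in RISKY if setting in settings]
        report[name] = {"list": list_name, "fallback": fallback, "findings": findings}
    return report
```

Calling `audit(SAMPLE)` returns one entry per line block; a line without its own `login authentication` statement is evaluated against the `default` list.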
