09-06-2017 10:50 AM - edited 03-12-2019 04:31 AM
I would like to know how to go directly into priveledge mode using local account (if TACACs is down). I tried doing different "if-authenticated configs" and it still prompts for an enable password to go into enable mode. Also, is there anything else I need to add under line console 0 if I want to always use local accounts to access the line con 0?
Here are my AAA configs:
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
09-06-2017 08:54 PM
Hi,
what is the configuration of the local user account? It should be something like:
username XXXX secret XXXX priviledge XXXX
For console login to use local account, make sure you have a local account and try the following:
aaa authentication login console-login local
line console 0
login authentication console-login
Thanks
John
09-11-2017 11:47 AM
09-11-2017 11:53 AM
09-07-2017 04:46 AM
Hello,
the below gets you directly into enable mode when using the local account, is this what you are looking for ?
username admin privilege 15 secret cisco
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ if-authenticated
line vty 0 4
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
09-11-2017 11:50 AM
09-11-2017 12:55 PM
Exactly.
And yes, configure vty 5 15 in the same way as 0 4.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide