[c-nsp] TACACS+ for console problem

Ziv Leyes zivl at gilat.net
Tue Jun 1 05:28:49 EDT 2010


I'd recommend using console access as a "last resort" way of accessing your device in case no remote access is possible. In most cases, when there are some connectivity failures, your device can't authenticate with TACACS, right? So you should have a failover to a local user/password.
In the console access you could make it _always_ local by just setting something like:

!
line con 0
login authentication local
!

Hope this helps
Ziv

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of ambedkar 
Sent: Friday, May 28, 2010 9:21 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] TACACS+ for console problem


Hi, I am using TACACS+ for my network. After configuring the device, if I want to log in through the console, it is not taking any password and continuously showing "Con 0 is available".

These are my commands used:
aaa new-model

aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+


tacacs-server host ip add.
tacacs-server key [Key].

After searching on the internet, I got one solution that says to use the named list as below.

aaa authentication login CONSOLE line
 &

line con 0
password cisco
line authentication CONSOLE.

With this configuration, I am able to log in to the switch, but it is taking the console password instead of the line password which is defined in the command.

Then, I have tested the command:
aaa authentication login CONSOLE none.

Which means no authentication required, but it is still asking for the password, which is the console password.

Then I have removed the aaa commands from config mode and line console mode.
I have used only the console password. Still it is working, then what is the significance of aaa commands for console?

Please give your suggestions.

Thanks in advance.

P.Ambedkar.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
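
An added example, not part of the thread and not a Cisco tool: a small Python check that resolves which `aaa authentication login` method list each `line` block uses, then flags lists that are referenced but never defined, lists with nothing after the server group, and `line`/`local` methods with no password or username behind them. The function name `audit_login` and the sample config are constructed for illustration, and the parser assumes running-config style indentation with `aaa new-model` enabled.

```python
import re

# Constructed sample config, not taken from the devices in the thread.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ line
username admin secret example-only
line con 0
 login authentication CONSOLE
line vty 0 4
"""

def audit_login(config):
    """Return {line: [findings]} for the login method list each line uses."""
    lists, lines, users, cur = {}, {}, False, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+) (.+)", text):
            # "group tacacs+ line" -> ["group tacacs+", "line"]
            lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))
        elif text.startswith("username "):
            users = True
        elif raw.startswith("line "):
            cur = text[5:]
            lines[cur] = {"list": "default", "password": False}
        elif cur and raw[:1].isspace():
            if m := re.match(r"login authentication (\S+)", text):
                lines[cur]["list"] = m.group(1)
            elif text.startswith("password "):
                lines[cur]["password"] = True
        elif text:
            cur = None  # any other top-level command ends the line block
    report = {}
    for name, cfg in lines.items():
        methods = lists.get(cfg["list"])
        if methods is None:
            report[name] = [f"list {cfg['list']!r} is not defined"]
            continue
        found = []
        if all(m.startswith("group ") for m in methods):
            found.append("no fallback if the AAA server is unreachable")
        if "line" in methods and not cfg["password"]:
            found.append("method 'line' but no password on this line")
        if "local" in methods and not users:
            found.append("method 'local' but no username configured")
        if "none" in methods:
            found.append("method 'none' allows login without authentication")
        report[name] = found
    return report
```

Calling `audit_login(SAMPLE)` reports the undefined `CONSOLE` list on `con 0` and the missing line password on `vty 0 4`; an empty findings list means none of these four checks fired.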




 
 