[c-nsp] TACACS+ for console problem

Shishir Saud shishir at subisu.net.np
Mon May 31 03:41:04 EDT 2010


You want Tacacs+ to work for vty and console sessions or not ? Or you want
to use different username and password for console ?
Can you paste your tacacs+ + vty and console config with logs if possible.



> Yeah, thats true, it is login not line.  But the problem is same
>
> line con 0
>> password cisco
>> line authentication CONSOLE.
>
> Shouldn't it be "login authentication CONSOLE" ?
>
> Hi, i am using TACACS+ for my Network. After configuring the device, if i
> want to login through the console, it is not taking any password and
> continuosly showing " Con 0 is available".
>
> These are my commands used:
> aaa new-model
>
> aaa authentication login default group tacacs+ line
>
> aaa authentication enable default group tacacs+ enable
>
> aaa authorization exec default group tacacs+ if-authenticated
>
> aaa authorization commands 15 default group tacacs+ if-authenticated
>
> aaa accounting exec default start-stop group tacacs+
>
> aaa accounting commands 1 default start-stop group tacacs+
>
> aaa accounting commands 15 default start-stop group tacacs+
>
> aaa accounting connection default start-stop group tacacs+
>
> aaa accounting system default start-stop group tacacs+
>
>
> tacacs-server host ip add.
> tacacs-server key [Key].
>
> After searching in the internet, i got one solution says use the named
> list as below.
>
> aaa authentication login CONSOLE line
> &
>
> line con 0
> password cisco
> login authentication CONSOLE.
>
> With this configuration, i am able to login the switch, but it is taking
> the console password instead of line password which is defined in the
> command.
>
> Then, i have tested the command :
> aaa authentication login CONSOLE none.
>
> Which means no authentication required, but it still asking for the
> password, which is console password.
>
> Then i have removed aaa commands from config mode and line console mode.
> i have used only console password. still it is working, then what is the
> significance of aaa commands for console.
>
> please give your suggestions.
>
> thanks in advance.
>
> P.Ambedkar.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


Regards,
Shishir Saud
Engineer - Systems-Networks-R&D
Subisu Cablenet (P.) Ltd.
148 Thirbum Sadak
Baluwatar, Kathmandu
Nepal


T: 00977 1 4429616/17 Ext.: 121
F: 00977 1 4430572

http://www.subisu.net.np

(An ISO 9001:2000 Certified Company)




More information about the cisco-nsp mailing list