AsenathWaite
asked on
AAA authentication question
I have a Cisco ACS server set up (TACACS+/RADIUS) and I'm a little confused about the router settings for this.
here is what works fine...
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.168.12.50 key ****
username test password test
So if the ACS server is unavailable, it will use the lcoal database.
But I also want to disable TACACS+ completely on the console port. I tried this...
aaa authentication login no-tacacs+ enable
line con 0
login authentication no_tacacs+
But I get an error regarding the group "no-tacacs+"
Looks like I'm mising something here, so any help would be greatly appreciated.
here is what works fine...
aaa new-model
aaa authentication login default group tacacs+ local
tacacs-server host 192.168.12.50 key ****
username test password test
So if the ACS server is unavailable, it will use the lcoal database.
But I also want to disable TACACS+ completely on the console port. I tried this...
aaa authentication login no-tacacs+ enable
line con 0
login authentication no_tacacs+
But I get an error regarding the group "no-tacacs+"
Looks like I'm mising something here, so any help would be greatly appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
login authentication no_tacacs+ (you have the group specified as "no-tacacs+")
^