I am trying to understand the workings of AAA and here is my question:
When a user telnets into a device that is configured for AAA, the line vty local paswords are ignored, correct?
I have a switch that is configured for AAA and has the following configuration under VTY lines:
line vty 0 4
password 7 3456776457888643
transport input telnet ssh
I don't seem to understand how would the tacacs authentication work in this scenario. Please note that AAA is configured on this device but no configuration of AAA appears under the VTY lines.
I personally think that the following cofiguration line should appear under the VTY line:
aaa authentication logain default group tacacs+ enable
But, it doesn't, and the user still gets authenticated by tacacs server! Can anyone please explain what might be the cause of this?