thunder8080
asked on
AAA and VTY access
Hi All,
I am trying to understand the workings of AAA and here is my question:
When a user telnets into a device that is configured for AAA, the line vty local paswords are ignored, correct?
I have a switch that is configured for AAA and has the following configuration under VTY lines:
line vty 0 4
password 7 3456776457888643
length 0
transport input telnet ssh
I don't seem to understand how would the tacacs authentication work in this scenario. Please note that AAA is configured on this device but no configuration of AAA appears under the VTY lines.
I personally think that the following cofiguration line should appear under the VTY line:
aaa authentication logain default group tacacs+ enable
But, it doesn't, and the user still gets authenticated by tacacs server! Can anyone please explain what might be the cause of this?
Many thanks....
I am trying to understand the workings of AAA and here is my question:
When a user telnets into a device that is configured for AAA, the line vty local paswords are ignored, correct?
I have a switch that is configured for AAA and has the following configuration under VTY lines:
line vty 0 4
password 7 3456776457888643
length 0
transport input telnet ssh
I don't seem to understand how would the tacacs authentication work in this scenario. Please note that AAA is configured on this device but no configuration of AAA appears under the VTY lines.
I personally think that the following cofiguration line should appear under the VTY line:
aaa authentication logain default group tacacs+ enable
But, it doesn't, and the user still gets authenticated by tacacs server! Can anyone please explain what might be the cause of this?
Many thanks....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Yep. tacacs is never local; I mean "authentication"
conf t
aaa new-model
aaa authentication login VTY-LOGIN local
aaa authorization exec VTY-LOGIN local
line vty 0 4
authorization exec VTY-LOGIN
login authentication VTY-LOGIN