tacacs

pawanopensource
pawanopensource used Ask the Experts™
on
we had configured tacacs+ in office, it works with LDAP users. i want to create a user in my test switch because in case my tacacs server goes down we can login through that user. below is the aaa config

user - cisco
passwd - cisco


aaa new-model
aaa authentication login default group tacacs+ local line enable
aaa authentication login telnet group tacacs+ local
aaa authentication enable default enable
aaa authorization exec default if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting update newinfo
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+

ip default-gateway 10.2.0.11
ip http server
ip http secure-server
tacacs-server host 10.5.2.24
tacacs-server host 10.1.236.221
no tacacs-server directed-request
tacacs-server key password
radius-server source-ports 1645-1646
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
SouljaSr.Net.Eng
Top Expert 2011

Commented:
username cisco privilege 15 secret 0 cisco

Author

Commented:
no this command didnt worked cisco is not able to login where all LDAP users can login.

Author

Commented:
where as all LDAP users can login.
Commented:
Hi,


Try change it to:

aaa authentication login tacacs+ local
aaa authentication enable tacacs+ local

Remember, it only works when tacacs+ fails.
TolomirAdministrator
Top Expert 2005

Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial