Cisco tacacs question
I'm configuring a router with our acs. It's working fine but the fallback method is giving me a login as prompt. I'm using the line password as fallback. to test fallback i remove the ip address of the acs and it does work. but i still get a login as prompt and i can basically put in anything as the username and use the password on the vty line and get in. i would like to not see the login as prompt and just get a prompt for the password. i'm probably missing something real simple.
aaa authentication login default group tacacs+ line
line vty 0 4
exec-timeout 15 0
privilege level 15
password 7 141419031E11267836
transport input ssh
line vty 5 15
exec-timeout 15 0
privilege level 15
password 7 141419031E11267836
aaa authentication login default group tacacs+ line
line vty 0 4
exec-timeout 15 0
privilege level 15
password 7 141419031E11267836
transport input ssh
line vty 5 15
exec-timeout 15 0
privilege level 15
password 7 141419031E11267836
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
what's a little weird is that other devices that are on tacacs before i got here have the same config. I'm just adding some new devices to acs and using the config that's in the other devices. the other devices when they've lost contact with acs have only prompted for the password that's configured on the vty line and not the username.
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
Correct, when they have lost contact however, have you tried it by removing the IP of the tacacs server?
ASKER
yeah, just tried that. what's weird if i lab it in gsn3 it works fine. i just get the password prompt. maybe the router just needs to be rebooted. I'll also try adding another router to acs and see if the results are the same.
ASKER
I figured it out. apparently ssh doesn't allow logging in via just a password prompt. going to change to failback local instead of line.
Cisco
Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).
27K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER