Suddenly we cannot access routers

After we configured several router and switches with aaa/tacacs, all of them began to work. but recently we cannot access two of these routers. When we try to access the two with ssh, we are denied with authentication issue Which one we need to check first and resolve the issue? thanks
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

nociSoftware EngineerCommented:
(besides) configuration errors?
Are the switches allowed to access the tacacs / radius server.
mwaukiSystems EngineerCommented:
i would factory reset and reload backedup configs
Benjamin Van DitmarsSr Network EngineerCommented:
first look at the log's of your tacacs server to see why you cant login to the boxes
Price Your IT Services for Profit

Managed service contracts are great - when they're making you money. Yes, you’re getting paid monthly, but is it actually profitable? Learn to calculate your hourly overhead burden so you can master your IT services pricing strategy.

did you create a local account on each unit as a backup in case aaa/tacas failed? Use that account to get on and get a backup of the config asap.
nociSoftware EngineerCommented:
If you can still access the system using other means check their logs.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
eemoonAuthor Commented:
we resolved the issue. they mistook us into another group of tacacs.

I agree with comments of your guys. now i can see one of the posts above:

did you create a local account on each unit as a backup in case aaa/tacas failed? Use that account to get on and get a backup of the config asap.

do you mean using command " username xxx password yyy" ?
actually we have the command, but this cannot work until tacacs server connection is lost. do you think so?
Thank you!!
Benjamin Van DitmarsSr Network EngineerCommented:
Yes this account will only be used when the tacacs is not available, you need a local account and change the aaa rules.
to do local login when tacacs host failed.
eemoonAuthor Commented:
if tacacs server connection always work well in the network, is there possible for us to configure console in case in emergence situation we need to login to  router. i guess it is no. how do you think about it?
Benjamin Van DitmarsSr Network EngineerCommented:
we always have a backup account. when your tacacs server brakes down you have a problem getting in to your devices.
also when you have remotes sites and your tunnel fails.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.