I'd recommend using console access as a "last resort" way of accessing your device in case no remote access is possible. In most cases, when there are some connectivity failures, your device can't authenticate with TACACS, right? So you should have a failover to a local user/password. On the console you could make it _always_ local by just setting something like:
!
line con 0
 login authentication local
!

Hope this helps
Ziv

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of ambedkar
Sent: Friday, May 28, 2010 9:21 AM
To: [email protected]
Subject: [c-nsp] TACACS+ for console problem

Hi,

I am using TACACS+ for my network. After configuring the device, if I want to log in through the console, it is not taking any password and continuously showing "Con 0 is available".

These are my commands used:

aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
tacacs-server host ip add.
tacacs-server key [Key]

After searching on the internet, I got one solution that says to use the named list as below.

aaa authentication login CONSOLE line
&
line con 0
 password cisco
 line authentication CONSOLE

With this configuration, I am able to log in to the switch, but it is taking the console password instead of the line password which is defined in the command.

Then I tested the command: aaa authentication login CONSOLE none, which means no authentication is required, but it is still asking for the password, which is the console password.

Then I removed the aaa commands from config mode and line console mode. I have used only the console password. It is still working, so what is the significance of the aaa commands for the console?

Please give your suggestions.

Thanks in advance.
P.Ambedkar.
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
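An added example, not part of the original thread: a small Python check that reads an IOS configuration and reports which login method list each line (console, vty, aux) actually resolves to, flagging lists that are referenced but never defined and lists that end on a server group with no fallback. The sample configuration and all function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): TACACS+ with local fallback
# as the default list, and the console pinned to a local-only named list.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login CONSOLE local
line con 0
 login authentication CONSOLE
line vty 0 4
 login authentication VTY
line aux 0
"""

def login_method_lists(config):
    """Map each 'aaa authentication login <name>' list to its ordered methods."""
    pattern = r"^aaa authentication login (\S+) (.+)$"
    return {m.group(1): m.group(2).split()
            for m in re.finditer(pattern, config, re.M)}

def line_bindings(config):
    """Map each 'line ...' stanza to the list it references ('default' if none)."""
    bindings, current = {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if raw.startswith("line "):
            current = text
            bindings[current] = "default"
        elif raw[:1] != " ":            # any other top-level command ends the stanza
            current = None
        elif current and text.startswith("login authentication "):
            bindings[current] = text.split()[2]
    return bindings

def audit(config):
    """Return {line stanza: finding} for every line stanza in the config."""
    lists = login_method_lists(config)
    findings = {}
    for line, name in line_bindings(config).items():
        methods = lists.get(name)
        if methods is None:
            findings[line] = f"list '{name}' is not defined"
        elif len(methods) >= 2 and methods[-2] == "group":
            findings[line] = f"list '{name}' ends on a server group, no fallback"
        else:
            findings[line] = "ok: " + " ".join(methods)
    return findings

if __name__ == "__main__":
    for line, finding in audit(SAMPLE_CONFIG).items():
        print(f"{line:<14} {finding}")
```
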
