If someone has physical access to a Cisco router they can initiate a password recovery; tacacs vs local account doesn't matter at that point.
On Mon, Dec 29, 2014 at 12:28 PM, Colton Conor <colton.co...@gmail.com> wrote: > Glad to know you can make local access only work if TACAS+ isn't > available. However, that still doesn't prevent the employee who know the > local username and password to unplug the device from the network, and the > use the local password to get in. Still better than our current setup of > having one default username and password that everyone knows. > > >