authentication login default group TACACS line
!
line console
secret 5 **
authorization exec CONSOLE
login authentication CONSOLE
!
From: Scott Miller
Date: Thursday, December 3, 2020 at 5:11 PM
To: Eric Van Tol
Cc: Aaron , "cisco-nsp@puck.nether.net"
Subject: Re: [c-nsp] AAA on IOS-
This is our config to do just that. Running 7.0.2
aaa authorization exec LOCAL local
aaa authorization exec TACACS group TACACS local
aaa authentication login LOCAL local
aaa authentication login TACACS group TACACS local
aaa accounting exec default start-stop group TACACS
aaa accounting system
Yes, that was a copy-paste typo.
From: Aaron
Date: Thursday, December 3, 2020 at 2:18 PM
To: Eric Van Tol
Cc: Scott Miller , "cisco-nsp@puck.nether.net"
Subject: Re: [c-nsp] AAA on IOS-XR (NCS540)
EXTERNAL - Do not click links or open attachments from an unverified
sou
expect TACACS to work at all if I was missing a config to allow it to
> respond to the router.
>
> From: Scott Miller
> Date: Thursday, December 3, 2020 at 1:52 PM
> To: Eric Van Tol
> Cc: "cisco-nsp@puck.nether.net"
> Subject: Re: [c-nsp] AAA on IOS-XR (NCS540)
>
&
TACACS to work at all if I was missing a config to allow it to respond to the
router.
From: Scott Miller
Date: Thursday, December 3, 2020 at 1:52 PM
To: Eric Van Tol
Cc: "cisco-nsp@puck.nether.net"
Subject: Re: [c-nsp] AAA on IOS-XR (NCS540)
EXTERNAL - Do not click links or open a
Do you have the control-plane set up?
tacacs source-interface Loopback100 vrf default
tacacs-server host 11.11.11.11 port 49
key 7
!
tacacs-server host 22.22.22.22 port 49
key 7
!
aaa accounting exec default start-stop group acs-tacacs
aaa
Hi all,
I’m going nuts here trying to get my AAA set up on an NCS. The goal is to
authenticate against TACACS on VTY lines but either use the local user database
or line/enable for console access and I cannot get it right. Sometimes my VTY
authentication fails the first time and it requires you