Cannot log into Cisco 6500 when the TACACS server is not up

Post by admin » Tue Mar 20, 2012 12:26 pm

I found that after the TACACS server was unreachable I wasn't able to make any changes; I would get a command authorization error. At this point, I was locked out of my switch and couldn't make any changes. I had to resolve the TACACS connectivity issue before I could regain access to the switch.

I found that I was missing the "LOCAL" statement on the authorization commands. These commands authenticate the users for every command that is entered on the device. I did some testing on a 2950 switch and an 1841 router, and they do NOT need the "LOCAL" command to use the local authentication to configure the device. I'm not sure if I ran into a bug, or simply the different ways that the different platforms work.

aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ local if-authenticated
aaa authorization commands 15 default group tacacs+ local if-authenticated
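
Added example, not part of the original post: a small Python audit that scans a saved IOS configuration for `aaa authorization commands` method lists that use a server group but have no `local` fallback, the condition the post describes. The sample configuration and the function names are constructed for illustration.

```python
import re

# Matches IOS lines such as:
#   aaa authorization commands 15 default group tacacs+ local if-authenticated
AUTHZ_RE = re.compile(
    r"^\s*aaa\s+authorization\s+commands\s+(\d+)\s+(\S+)\s+(.+?)\s*$",
    re.IGNORECASE,
)

def parse_methods(tokens):
    """Collapse 'group <name>' into one method; keep other keywords as-is."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def audit_command_authorization(config_text):
    """Return (level, list_name, methods) for every command-authorization
    method list that uses a server group but never falls back to 'local'."""
    findings = []
    for line in config_text.splitlines():
        m = AUTHZ_RE.match(line)
        if not m:
            continue  # not a command-authorization line
        level, list_name = int(m.group(1)), m.group(2)
        methods = parse_methods(m.group(3).lower().split())
        uses_server = any(x.startswith("group ") for x in methods)
        if uses_server and "local" not in methods:
            findings.append((level, list_name, methods))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 0 default group tacacs+ local if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+
"""

if __name__ == "__main__":
    for level, name, methods in audit_command_authorization(SAMPLE_CONFIG):
        print(f"level {level} list '{name}': no local fallback -> {methods}")
```
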


