Username


Hello friends,

I'm doing authentication by TACACS+ through a Cisco ACS server.

my commands are:

tacacs-server host 10.75.7.135 key cisco
aaa authentication telnet login tacacs+ local

After entering username and password it comes to this prompt
Switch>
When I do en it again asks for username and password??

Which username and password do I have to input here? I have not set any other user, only 1 user with manager access. When I enter the same username and password it doesn't accept it; it says Unable to verify password.

2) How can I remove the below commands from the configuration:

aaa authentication telnet login tacacs local
aaa authentication telnet enable tacacs local

4 REPLIES
Michael_Breuer
Esteemed Contributor

Re: Username

Hello,

Basically, login and enable access are independent authentication processes. But you can configure the switch to honor the privilege mode, avoiding a manager having to authenticate twice:

# aaa authentication login privilege-mode

2)
To remove a tacacs authentication you have to set it to default:

aaa authentication telnet login local none
aaa authentication telnet enable local none

Cheers,

Michael
Ingentive Networks GmbH
Jeff Carrell
Honored Contributor

Re: Username

'aaa authentication login privilege-mode '

Fyi, this feature/function only works with radius authenticated logins as you must also configure a radius attribute in the radius policy (server) to support its use. The switch expects a specific value to be sent back in the access-accept reply (in the "service-type" field) pkt.

BTW, be sure to configure the radius server for this use first, then add the above command in the switch, otherwise, if you put the command and then the switch does not receive one of the 2 values it requires, you will lock yourself out of the access method where radius is being used to support authentication.

Because of the switch's requirement of receiving a specific value in the reply pkt, this feature is not available for tacacs auth.

hth...Jeff

Re: Username

Hello,

I want to do single login by ACS server, and local when ACS fails. What commands do I have to apply? Please guide.

I'm using tacacs

aaa authentication login privilege command doesn't work.

please help
Jeff Carrell
Honored Contributor

Re: Username

mascarenhas2010 said: "I want to do single login by ACS server, and local when ACS fails. What commands do I have to apply? Please guide.

I'm using tacacs"

Using tacacs, you do not get that option on ProVision software.

If you use the ACS and use its radius auth services (I've been told ACS can do radius), then you can use the above command and explicit config in the radius server (see the docs).

hth...Jeff