Switches, Hubs, and Modems




Hello friends,

I'm doing authentication by tacacs+ through a Cisco ACS server.

My commands are:

tacacs-server host key cisco
aaa authentication telnet login tacacs+ local

After entering username and password it comes to this prompt.
When I do en it again asks for username and password??

Which username and password do I have to input here? I have not set any other user, only 1 user with manager access. When I enter the same username and password it doesn't accept it; it says Unable to verify password.

2) How can I remove the below commands from the configuration:

aaa authentication telnet login tacacs local
aaa authentication telnet enable tacacs local

Esteemed Contributor

Re: Username


Basically, login and enable access are independent authentication processes. But you can configure the switch to honor the privilege mode, avoiding a manager having to authenticate twice:

# aaa authentication login privilege-mode

To remove a tacacs authentication you have to set it to default:

aaa authentication telnet login local none
aaa authentication telnet enable local none


Ingentive Networks GmbH
Honored Contributor

Re: Username

'aaa authentication login privilege-mode '

FYI, this feature/function only works with radius authenticated logins, as you must also configure a radius attribute in the radius policy (server) to support its use. The switch expects a specific value to be sent back in the access-accept reply pkt (in the "service-type" field).

BTW, be sure to configure the radius server for this use first, then add the above command in the switch. Otherwise, if you put the command in and the switch then does not receive one of the 2 values it requires, you will lock yourself out of the access method where radius is being used to support authentication.

Because of the switch's requirement of receiving a specific value in the reply pkt, this feature is not available for tacacs auth.


Re: Username


I want to do single login by ACS server, and local when ACS fails. What commands do I have to apply? Please guide.

I'm using tacacs.

The aaa authentication login privilege command doesn't work.

Please help.
Honored Contributor

Re: Username

mascarenhas2010 said: "I want to do single login by ACS server, and local when ACS fails. What commands do I have to apply? Please guide.

I'm using tacacs."

Using tacacs, you do not get that option on ProVision software.

If you use the ACS and use its radius auth services (I've been told ACS can do radius), then you can use the above command and explicit config in the radius server (see the docs).