Here is an example CatOS config for TACACS auth. It's been awhile since I used a CatOS device however if I remember correctly this config was structured so that if the device can't talk to the TACACS server it would fail back to a local userid (by using "if-authenticated" in the #authorization section).
#tacacs+ set tacacs server 1.1.1.1 primary set tacacs server 2.2.2.2 set tacacs key [tacacs key] #authentication set authentication login tacacs enable console primary set authentication login tacacs enable telnet primary set authentication enable tacacs enable console primary set authentication enable tacacs enable telnet primary #accounting set accounting exec enable stop-only tacacs+ set accounting connect enable stop-only tacacs+ set accounting system enable stop-only tacacs+ set accounting commands enable all stop-only tacacs+ #authorization set authorization exec enable tacacs+ if-authenticated console set authorization exec enable tacacs+ if-authenticated telnet set authorization enable enable if-authenticated none console set authorization enable enable if-authenticated none telnet set authorization commands enable all if-authenticated none console set authorization commands enable all if-authenticated none telnet Hope it helps. -Rich On Mon, Nov 24, 2008 at 10:48 AM, Christian Koch <[EMAIL PROTECTED]>wrote: > on a side note - > > has anyone had any success getting older catos switches and enable > mode to work with the newer versions of tacplus? > > christian > > On Mon, Nov 24, 2008 at 10:41 AM, <[EMAIL PROTECTED]> wrote: > > Hi, > > > >> The fork based on Cisco's code over at shrubbery has worked out well for > me. > >> > >> > >> http://www.shrubbery.net/tac_plus/ > > > > agreed. also note, theres been hints of TACACS+ being part of > > future FreeRADIUS capability for some time too. > > > > alan > > _______________________________________________ > > cisco-nsp mailing list cisco-nsp@puck.nether.net > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > _______________________________________________ > cisco-nsp mailing list cisco-nsp@puck.nether.net > https://puck.nether.net/mailman/listinfo/cisco-nsp > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list cisco-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/