Hi Richard,

You did nothing wrong; you only left something undone. Amend your configs
thus and you will be through:
1. Change the command
   aaa authentication login default tacacs+
   to read
   aaa authentication login default tacacs+ local

2. Create a CLI-authenticated account, e.g.
   username xxxxx password nnnnn

And you would be through.
This is a common problem when configuring AAA on routers; many times you
get locked out by your own router/AS, that's if you are not very careful.

Good luck

Regards.
Oletu
----- Original Message -----
From: Jim Bond 
To: 
Sent: Wednesday, November 28, 2001 10:46 PM
Subject: Re: Cisco ACS/Telnet config [7:27648]


> Maybe add "ip tac source e0"; password in vty is not
> necessary.
>
> Running "debug aaa authen" and "debug aaa author" may help
> too.
>
> HTH.
>
> Jim
>
> --- Richard  wrote:
> > Looking at the config below, can anyone tell me
> > where I might go wrong that
> > prevents me from telnetting to this router?  I am able
> > to use the same account
> > from Cisco ACS 2.6 to log onto the console, but not
> > through telnet.
> >
> > Thanks in advance for your help
> >
> >
> >
> > Current configuration:
> > !
> > version 12.0
> > service timestamps debug uptime
> > service timestamps log uptime
> > no service password-encryption
> > !
> > hostname Router
> > !
> > aaa new-model
> > aaa authentication login default tacacs+
> > aaa authentication login no_tacacs enable
> > aaa authentication enable default tacacs+
> > aaa authentication ppp default tacacs+
> > aaa authorization exec default tacacs+
> > aaa authorization exec no_tacacs local
> > aaa authorization network default tacacs+
> > aaa authorization network no_tacacs local
> > aaa accounting exec default start-stop tacacs+
> > aaa accounting network default start-stop tacacs+
> > enable password enable
> > !
> > ip subnet-zero
> > !
> > !
> > !
> > interface Ethernet0
> >  ip address 5.1.1.4 255.255.255.0
> >  no ip directed-broadcast
> > !
> > interface Serial0
> >  no ip address
> >  no ip directed-broadcast
> >  no ip mroute-cache
> >  shutdown
> >  no fair-queue
> > !
> > interface Serial1
> >  no ip address
> >  no ip directed-broadcast
> >  shutdown
> > !
> > ip classless
> > !
> > tacacs-server host 5.1.1.1 single-connection
> > tacacs-server key cisco
> > !
> > line con 0
> >  transport input none
> > line aux 0
> > line vty 0 4
> >  password line
> > !
> > end




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=27722&t=27648
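
A lockout check in the spirit of the two steps in the reply above, as an added example that is not part of the thread: it flags `aaa authentication login` lists that name only a remote server method, and lists that fall back to `local` when no `username` is defined. The function names and the sample text are assumptions constructed for illustration.

```python
import re

REMOTE = {"tacacs+", "radius"}  # methods that need a reachable AAA server

# Constructed sample: the AAA login lines from the config quoted in the thread.
SAMPLE = """\
aaa new-model
aaa authentication login default tacacs+
aaa authentication login no_tacacs enable
enable password enable
line vty 0 4
 password line
"""

def classify(tokens):
    """Split a method list into remote-server methods and on-box fallbacks."""
    remote, fallback, it = [], [], iter(tokens)
    for tok in it:
        if tok == "group":                 # 'group <name>' form of newer IOS
            remote.append(next(it, "?"))
        elif tok in REMOTE:
            remote.append(tok)
        else:                              # local, local-case, enable, line, none
            fallback.append(tok)
    return remote, fallback

def audit_login_lists(config):
    """Return findings for login method lists that risk an admin lockout."""
    findings = []
    has_user = re.search(r"^username \S+ .*\b(password|secret)\b", config, re.M)
    for m in re.finditer(r"^aaa authentication login (\S+) (.+)$", config, re.M):
        name, (remote, fallback) = m.group(1), classify(m.group(2).split())
        if remote and not fallback:
            findings.append(f"{name}: only {', '.join(remote)}, no fallback method")
        if {"local", "local-case"} & set(fallback) and not has_user:
            findings.append(f"{name}: local fallback listed but no username defined")
    return findings

if __name__ == "__main__":
    for finding in audit_login_lists(SAMPLE):
        print(finding)
```

On IOS a later method in the list is tried only when the earlier one returns an error, such as an unreachable server, not when it rejects the credentials.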