Hi Richard, You did nothing wrong, you only left something undone, amend your configs as thus and you would be through: 1. Change the command aaa authentication login default tacacs+ To read aaa authentication login default tacacs+ local
2. Create a CLI authenticated account eg username xxxxx password nnnnn And you would be through. This is a common problem when configuring aaa on a routers, many times you get locked out by your own router/AS thats if you are not very careful. Good luck Regards. Oletu ----- Original Message ----- From: Jim Bond To: Sent: Wednesday, November 28, 2001 10:46 PM Subject: Re: Cisco ACS/Telnet config [7:27648] > Maybe add "ip tac source e0"; password in vty is not > necessary. > > Run "debug aaa authen" and "debug aaa author" may help > too. > > HTH. > > Jim > > --- Richard wrote: > > Looking at the config below, can anyone tell me > > where I might go wrong that > > prevent me from telneting to this router? I am able > > to use the same account > > from Cisco ACS 2.6 to log onto the console, but not > > through telnet. > > > > Thanks in advance for your help > > > > > > > > Current configuration: > > ! > > version 12.0 > > service timestamps debug uptime > > service timestamps log uptime > > no service password-encryption > > ! > > hostname Router > > ! > > aaa new-model > > aaa authentication login default tacacs+ > > aaa authentication login no_tacacs enable > > aaa authentication enable default tacacs+ > > aaa authentication ppp default tacacs+ > > aaa authorization exec default tacacs+ > > aaa authorization exec no_tacacs local > > aaa authorization network default tacacs+ > > aaa authorization network no_tacacs local > > aaa accounting exec default start-stop tacacs+ > > aaa accounting network default start-stop tacacs+ > > enable password enable > > ! > > ip subnet-zero > > ! > > ! > > ! > > interface Ethernet0 > > ip address 5.1.1.4 255.255.255.0 > > no ip directed-broadcast > > ! > > interface Serial0 > > no ip address > > no ip directed-broadcast > > no ip mroute-cache > > shutdown > > no fair-queue > > ! > > interface Serial1 > > no ip address > > no ip directed-broadcast > > shutdown > > ! > > ip classless > > ! > > tacacs-server host 5.1.1.1 single-connection > > tacacs-server key cisco > > ! > > line con 0 > > transport input none > > line aux 0 > > line vty 0 4 > > password line > > ! > > end > [EMAIL PROTECTED] > > > __________________________________________________ > Do You Yahoo!? > Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. > http://geocities.yahoo.com/ps/info1 _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=27722&t=27648 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]