Hannes,
you would configure it like this
Router(config)#aaa authentication local-override
In this case, the router will first check to see if there is a local
user specified before checking the tacacs server. If one doesn't exist
locally then it would check the tacacs server. Hope that helps.
Woody
-----Original Message-----
From: Kumari, Hannes [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, February 06, 2002 7:49 AM
To: [EMAIL PROTECTED]
Subject: Terminal server tacacs+ question [7:34607]
Hi All,
Im tring to configure 2509 (with 8 async ports) as a terminal
server
so that
I could access my network devices via console port.
I have my default tacacs policy in place but in addition to that
I
would like to
have sepparate policy for third parties ( IT depatment needs console
acces
to servers aswell ).
And now the problem, when tring to reverse-telnet like this :
telnet 10.10.10.10 2001
It first checks the tacas for authentication, but I have no intention to
auth. 3`rd parties thougt tacacs but
have created local usernames/password in 2509
How should the config look like in order it to check local
usernames/password first befor tacacs auth.
-------
my current conf in 2509
aaa now-model
aaa authentication login default tacacs+ enable
aaa authentication enable default tacacs+ enable
aaa authorization exec default tacacs+ if-authenticated
...
username kala password 0 kala
rgds,
Hannes Kumari
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34660&t=34607
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
