aaa authentication login default group local tacacs+ ( instead of tacacs+ local)
and create a local account for yourself. This way only if the username is not found on the local user database (the config) tacacs is used. And leave the login configs on the line con 0 to its default. This way you will be asked for your username/password when using the consiole and then you can enter the enable. Its not a good idea to leave the console without authentcation. HTH Hamid, ""GEORGE"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Im trying to configure authentication on my routers so far so good , > however I would not like to have any type of authentication via > console., just in case and also if the tacacs goes down I can still get > in with local account I created.. so far if I place this on the console > line =line con 0 no authentication none > It would let me in , and if I place nothing I get promted for the > username and password on my tacacs , but wont let me enter my enable > password.? > Maybe if I understood each line I could configure it better... > > aaa new-model > aaa authentication login default group tacacs+ local > aaa authentication login local local > aaa authentication login no_tacacs none > aaa authentication enable default group tacacs+ none > aaa authorization exec default group tacacs+ none > aaa authorization network default group tacacs+ > aaa accounting exec default start-stop group tacacs+ > aaa accounting network default start-stop group tacacs+local Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=47195&t=47140 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
