From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Wed Sep 05 2007 - 10:03:45 ART
It could be your timeouts that are working against you. Try these commands
(tweak as needed):
aaa-server tac2only max-failed-attempts 2
aaa-server tac2only deadtime 10
aaa-server tac2only (inside) host 1.2.3.4 nhs_fife 3
Here's a link explaining these:
//www.cisco.com/en/US/docs/security/pix/pix63/command/reference/ab.html#wp1070086
Rik
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie.candidate@securebytes.co.uk
Sent: Wednesday, September 05, 2007 7:50 AM
To: ccielab@groupstudy.com
Subject: AAA on PIX 501
Hi Group,
Can someone tell me why fallback access on a PIX 501 does not work? It works
on ASA and IOS devices but not on the PIX. These are the commands on the
PIX:
username deji password deji
aaa-server tac2only protocol tacacs+
aaa-server tac2only (inside) host 1.2.3.4 nhs_fife
aaa-server tac2only (inside) host 5.6.7.8 nhs_fife2
aaa authentication serial console tac2only LOCAL
Should there be an additional command(s) to make this work?
Thanks
Deji
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART