Do you have a RADIUS Server and is it defined? I did not see this in the
config snippet.
If you do not then it will look - refer to the debug output. If it fails to
find an auth server, then and only then will it fall back to the next
defined authentication method (in this case local).
So...
1. If the Auth Server exists it will:
A. Authenticate the user if the u/p is correct, or...
B. Fail if non-existent or incorrect.
And that is it.
2. If the Auth Server does not exist (not defined in the config, is not
reachable, etc.)...
A. The device will then proceed to the fallback auth mechanism if one is
configured and exists properly, i.e. local database in the case presented.
Now this is normal and expected behavior.
I've read about people taking their labs and defining say VTY and not
defining an existing Auth Server or worse... not defining one at all... and
guess what else they do?
They do not define a secondary authentication mechanism... or do not define a
local database with a u/p...
Me -
I like to verify things and I telnet/ssh to the device from the device and
verify what will happen. I also perform a reload in 5 and just turn it
off if I don't need it.
Hey I've had to set up whole networks with 500-1000+ devices at a time to
"take control" and when you have to do this kind of task you really don't
have time to lock yourself out of the box.
Live and Learn.
Received on Thu Apr 23 2009 - 22:44:48 ART
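
The fallback logic described in the message above, as an added example that is not part of the original post: a small Python model in which only a missing or unreachable RADIUS server lets the next method run, plus a pre-change check for the lockout cases the message mentions. The outcome names, function names and sample data are assumptions made for illustration.

```python
# Added example: a model of the login method-list behaviour described above.
# PASS/FAIL/ERROR and all function names are illustrative, not Cisco identifiers.
PASS, FAIL, ERROR = "PASS", "FAIL", "ERROR"

def radius(servers, user, password):
    """servers: list of {'reachable': bool, 'users': {name: password}}."""
    for srv in servers:
        if srv["reachable"]:
            # A server that answers is authoritative: accept or reject, no fallback.
            return PASS if srv["users"].get(user) == password else FAIL
    return ERROR  # nothing defined, or nothing answered

def local(local_db, user, password):
    """Local username database: a missing user or wrong password is a FAIL."""
    return PASS if user in local_db and local_db[user] == password else FAIL

def login(methods, servers, local_db, user, password):
    """Walk the method list; only ERROR moves on to the next method."""
    for method in methods:
        if method == "radius":
            result = radius(servers, user, password)
        elif method == "local":
            result = local(local_db, user, password)
        else:
            raise ValueError(f"unknown method {method!r}")
        if result != ERROR:
            return result, method
    return FAIL, None  # every method errored: nobody gets in

def lockout_risks(methods, servers, local_db):
    """Pre-change check: reasons this method list could lock you out."""
    risks = []
    if "radius" in methods and not servers:
        risks.append("radius listed but no server defined")
    if "local" not in methods:
        risks.append("no local fallback method")
    elif not local_db:
        risks.append("local fallback listed but no local username")
    return risks
```
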