RE: AAA misbehavior

From: CCIE <ccie_at_axizo.com>
Date: Tue, 2 Feb 2010 14:00:30 +0200

Meaningful explanation, but the ACS is reachable and I can ping it from the
router. What other causes could make the ACS not respond?

-----Original Message-----
From: Joseph L. Brunner [mailto:joe_at_affirmedsystems.com]
Sent: Monday, February 01, 2010 10:04 AM
To: CCIE; 'groupstudy'
Subject: RE: AAA misbehavior

No, that's not misbehavior.

You must have an unreachable TACACS+ server; the second method is local (and you
have no local usernames), and then the only option left is NONE.
So your fallback method is none.

Why not?

aaa authentication login ACS group tacacs+ local line

and then

username root privilege 15 secret C1sco#$@

line vty 0 4
password s0m3good1

Now, AAA will have a local username and line password to fall back to if the
AAA server fails.

:)

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of CCIE
Sent: Monday, February 01, 2010 2:55 AM
To: 'groupstudy'
Subject: AAA misbehavior

Hi experts,

Strange AAA behavior: I have the below configuration, and the AAA ACS is
running. Whenever I try to access this router it asks for a username; if I
enter anything (not a valid username on the AAA) then Enter, it immediately
takes me to privileged access. Please, any advice, because that's making me
crazy.

 

aaa new-model
aaa authentication login ACS group tacacs+ local none
tacacs-server host 10.0.71.18 key Cisco
line vty 0 15
 login authentication ACS
 privilege level 15

 

Regards,

Amin

Received on Tue Feb 02 2010 - 14:00:30 ART
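
The fallback chain discussed in this thread can be checked offline against a saved configuration. The following is an added example, not code from any poster in the thread: it parses IOS-style text and flags lines whose login method list ends in `none` or uses `local` with no `username` defined. The function name, finding labels and sample indentation are assumptions.

```python
import re

# Constructed sample: the configuration from the original question, indented
# the way "show running-config" prints line sub-commands (assumption).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login ACS group tacacs+ local none
tacacs-server host 10.0.71.18 key Cisco
line vty 0 15
 login authentication ACS
 privilege level 15
"""

def audit_login_fallback(config):
    """Flag lines whose login method list can fall through to no authentication."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    has_local_user = any(l.startswith("username ") for l in lines)
    # Method list name -> ordered methods, e.g. ["group tacacs+", "local", "none"].
    method_lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            method_lists[m.group(1)] = re.findall(r"group \S+|\S+", m.group(2))

    # Record which method list and privilege level each "line ..." block uses.
    usage, current = {}, None
    for l in lines:
        if l.startswith("line "):
            current = l
            usage[current] = {"list": "default", "priv": 1}
        elif current and l.startswith(" "):
            words = l.split()
            if words[:2] == ["login", "authentication"]:
                usage[current]["list"] = words[2]
            elif words[:2] == ["privilege", "level"]:
                usage[current]["priv"] = int(words[2])
        else:
            current = None
    findings = []
    for name, u in usage.items():
        methods = method_lists.get(u["list"], [])
        if "none" in methods:
            findings.append((name, u["list"], "none-fallback", u["priv"]))
        if "local" in methods and not has_local_user:
            findings.append((name, u["list"], "local-without-users", u["priv"]))
    return findings
```

Each finding is a tuple of (line block, method list, finding label, privilege level granted on that line), so a `none-fallback` entry with privilege 15 corresponds to the behavior reported in the original question.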
