4. a. the user will be granted exec priviledges once correct username
and password is entered at the first user login.
On 2/13/11, TED <ccie.security.nigeria_at_gmail.com> wrote:
> Hi Ali
>
> 1. If the Tacac+ authentication process cant be achieved for some
> reason (unreachable or unusable) then no authentication will be used.
> 2. If the Tacac+ authentication process cant be achieved for some
> reason (unreachable or unusable) then the enable password will be
> used.
> 3. Privillege 15.
> 4.a, With this approach, the user will be granted Privilege Level 15
> once correct username and password is entered at the first user login.
> b, i dont understand you.
>
>
>
>
> On 2/13/11, imran ali <immrccie_at_gmail.com> wrote:
>> Hi group ,
>>
>> help me with the following aaa commands
>>
>> 1)aaa authentication login default group tacacs+ none
>>
>> does it means if my tacacs server fails , the user will be authorized
>> immediately (no authorization done ) as the next method list is "none"
>>
>> 2) aaa authentication enable default group tacacs+ enable
>>
>> does this means if tacacs server is unavailable or fails to respond
>> locally
>> stored enable password will be used
>>
>> 3) if i issue this command " username admin password cisco " what will
>> be
>> the privilege assigned to it .(by default)
>>
>> 4) aaa authorization exec default group tacacs+ if-authenticated
>> a) plz explain what this do in general
>>
>> b) what happens if authentication is successful with tacacs server and
>> i
>> have implemented command authorization to authorize all commands entered
>> .
>> now imagine server goes down. will authorization be allowed or user will
>> be
>> locked ?
>>
>> i hope i m clear in asking
>>
>>
>> Thanks
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Feb 13 2011 - 23:27:16 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART