network cisco ccna gns3 certification arteq
a network runs through it

Wednesday, July 4, 2012

aaa new-model...

we know that one must globally enable aaa in order to support tacacs or radius authentication...

but before implementing tacacs, you set up ssh on the device for use with the local database...

username x password x
and
transport input ssh
login local

once aaa is enabled, login local goes away, and authentication is forced to the tacacs box... fair enough... if you look at the vty config you'll notice login local disappears...

but arteq, you protest, what will we do if the tacacs server goes down; how will we get to the device...

when aaa is not available, login local will magically reappear, and allow authentication with the user database that you know you set up prior to implementing aaa...

be a backdoor man...
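the fallback to the local database described above depends on the login method list: ios tries the methods left to right, and local is only consulted when the tacacs server does not respond, so a list without local leaves no way in during an outage... the check below is an added example, not part of the original post; the sample running-config, the function name and the findings text are constructed for illustration...

```python
import re

# Constructed running-config for illustration; user name and hash are made up.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
username admin secret 5 $1$CONSTRUCTED$placeholderhash
line vty 0 4
 transport input ssh
"""

LOCAL_METHODS = {"local", "local-case"}


def audit_local_fallback(config):
    """Return findings that leave no safe local login path if TACACS+ is unreachable."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    if "aaa new-model" not in lines:
        return ["aaa new-model is not enabled"]
    findings = []
    # Method lists: name -> ordered methods, tried left to right.
    method_lists = {}
    for ln in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", ln)
        if m:
            method_lists[m.group(1)] = m.group(2).split()
    # Lists the lines reference; a line without "login authentication" uses "default".
    referenced = {"default"} | set(
        re.findall(r"^login authentication (\S+)", "\n".join(lines), re.M))
    for name in sorted(referenced):
        methods = method_lists.get(name)
        if methods is None:
            if name != "default":
                findings.append(f"list '{name}' is referenced but not defined")
            continue
        after_group = set(methods[methods.index("group"):]) if "group" in methods else None
        if after_group is not None and not LOCAL_METHODS & after_group:
            findings.append(f"list '{name}' has no local method after the server group")
    users = [ln for ln in lines if ln.startswith("username ")]
    if not users:
        findings.append("no local username configured")
    if any(" password " in u for u in users):
        findings.append("local user stored with 'password'; 'secret' keeps a hash instead")
    return findings
```

run it against the output of show running-config before and after the tacacs change; an empty list means the local login path is still there...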
