Error In Authentication Enable Mode
Contents |
Information The requested topic does not exist.
for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help Ask a Question Ask for Help Receive Real-Time Help Create a Freelance Project Hire for a Full Time Job Ways to Get Help
Cisco Error In Authentication Ssh
Expand Search Submit Close Search Login Join Today Products BackProducts Gigs Live Careers Vendor error in authentication console Services Groups Website Testing Store Headlines Experts Exchange > Questions > % Error in Authentication cisco console error Want to Advertise Here? cisco 2960 enable error in authentication Solved % Error in Authentication cisco console error Posted on 2011-02-09 Routers 1 Verified Solution 16 Comments 4,177 Views Last Modified: 2012-05-11 This is my first post (I know I know...) really hope you can http://www.networking-forum.com/viewtopic.php?f=33&p=246756 help me out here.... I have a Cisco router, configured to use AAA with a ASC server. TACAS access works fine for vty access, i.e it gets me to the enable mode, but when I attempt to log in via the console, I get the %error in Authentication error message! There's no local username and password configured but there is an enable secret! Here's the relevant config section: aaa new-model ! ! https://www.experts-exchange.com/questions/26810912/Error-in-Authentication-cisco-console-error.html aaa authentication login default group tacacs+ enable aaa authentication enable default group tacacs+ enable aaa authorization exec default group tacacs+ if-authenticated aaa authorization commands 15 default group tacacs+ if-authenticated aaa accounting update newinfo aaa accounting exec default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting system default start-stop group tacacs+ ! ! ! line con 0 line vty 5 15 Hope you can help us out asap! 0 Question by:GKingdom Facebook Twitter LinkedIn Google Best Solution bydard1 Also in ACS server under user settings/Advanced TACACS+ Settings select No Enable Privilege These to options will put you directly in privilege mode Go to Solution 16 Comments LVL 18 Overall: Level 18 Routers 10 Message Expert Comment by:jmeggers2011-02-09 I usually prefer to use specific named methods for authentication. Take a look at http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml specifically: aaa authentication login conmethod tacacs+ enable line con 0 login authentication conmethod But you may be able to get away with just adding: line con 0 login authentication default 0 LVL 6 Overall: Level 6 Routers 5 Message Active 6 days ago Expert Comment by:wpharaon2011-02-09 since you said it authenticates you on telnet, i would assume that the tacacs server ip is already configured on your firewall aaa new-model immediately applies local authenticat
described in the table below. Command Description: To enable AAA authentication to determine if a user can access the privileged command level, use the aaa authentication enable default global configuration command. http://www.lab.dit.upm.es/~labrst/config/ciscopedia/aaa%20authentication%20enable%20default.htm Use the no form of this command to disable this authorization method. Usage Guidelines Use the aaa authentication enable default command to create a series of authentication methods that are used to determine whether a user can access the privileged command level. Method keywords are described in the table below. The additional methods of authentication are used only if the error in previous method returns an error, not if it fails. To specify that the authentication should succeed even if all methods return an error, specify none as the final method in the command line. If a default authentication routine is not set for a function, the default is none and no authentication is performed. Use the show running-config command to view currently error in authentication configured lists of authentication methods. Table: aaa authentication enable Default Methods Keyword Description enable Uses the enable password for authentication. line Uses the line password for authentication. none Uses no authentication. group tacacs+ Uses the list of all TACACS+ to provide authentication services. group radius Uses the list of all RADIUS to provide authentication services. group | group-name Uses a subset of RADIUS or TACACS+ servers for authentication as defined by the server group group-name. Example: The following example creates an authentication list that first tries to contact a TACACS+ server. If no server can be found, AAA tries to use the enable password. If this attempt also returns an error (because no enable password is configured on the server), the user is allowed access with no authentication. Router(config)#aaa authentication enable default group tacacs+ enable none Misconceptions: The additional methods of authentication are used if the previous method fails. Related Commands: aaa authorization aaa new-model enable password © Cisco Systems, Inc. 2001, 2002World Wide Education This HTML Help has been published using the chm2web software.