Disable TACACS+ Authentication for Console; Disable AAA-based Authentication for Console; Disable TACACS+ Authentication at the Context Level - Cisco ASR 5000 Administration Manual

StarOS Release 21.1

System Settings

Disable TACACS+ Authentication for Console

A noconsole keyword for the Global Configuration mode aaa tacacs+ command disables TACACS+ authentication on the Console line.

    configure
       aaa tacacs+ noconsole
       exit

By default, TACACS+ server authentication is performed for login from a Console or vty line. With noconsole enabled, TACACS+ authentication is bypassed in favor of local database authentication for a console line; on vty lines, TACACS+ remains enabled.

Important: When aaa tacacs+ noconsole is configured, a local user with valid credentials can log into a Console port even if on-authen-fail stop and on-unknown-user stop are enabled via the TACACS+ Configuration mode. If the user is not a TACACS+ user, he/she cannot log in on a vty line.

Disable AAA-based Authentication for Console

A noconsole keyword for the Global Configuration mode local-user allow-aaa-authentication command disables AAA-based authentication on the Console line.

    configure
       local-user allow-aaa-authentication noconsole
       exit

Since local-user authentication is always performed before AAA-based authentication and local-user allow-aaa-authentication noconsole is enabled, the behavior is the same as if no local-user allow-aaa-authentication is configured. There is no impact on vty lines.

Important: This command does not apply to a Trusted build because the local-user database is unavailable.

Disable TACACS+ Authentication at the Context Level

When you enable aaa tacacs+ in the Global Configuration mode, TACACS+ authentication is automatically applied to all contexts (local and non-local). In some network deployments you may wish to disable TACACS+ services for specific contexts.

You can use the no aaa tacacs+ Context Configuration command to disable TACACS+ services within a context.

    configure
       context ctx_name
          no aaa tacacs+

Use the aaa tacacs+ Context Configuration command to enable TACACS+ services within a context where it has been previously disabled.
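
The following Python script is an added example, not part of the Cisco guide: it reads a configuration and lists every access path where the commands from the three sections above remove TACACS+ or AAA authentication from the login path. It understands only the commands shown on this page; the sample configuration, the context names, and the assumption that exit (or #exit) closes the current mode are constructed for illustration.

```python
# Added example: understands only the commands documented on this page.
# Assumption: "exit" (or "#exit") closes the current configuration mode.
SAMPLE_CONFIG = """\
configure
  aaa tacacs+ noconsole
  local-user allow-aaa-authentication noconsole
  context ctx_mgmt
    no aaa tacacs+
  exit
  context ctx_data
    no aaa tacacs+
    aaa tacacs+
  exit
exit
"""  # constructed sample; the context names are hypothetical


def audit_tacacs(config_text):
    """List the access paths that bypass TACACS+/AAA authentication."""
    modes = []            # mode stack: None = Global Configuration, str = context
    console_tacacs = console_aaa = True   # page: Console uses TACACS+ by default
    tacacs_global = False
    ctx_off = {}          # context name -> TACACS+ disabled in that context?
    for raw in config_text.splitlines():
        line = " ".join(raw.split())      # normalise indentation and spacing
        ctx = modes[-1] if modes else None
        if line == "configure":
            modes.append(None)
        elif line.startswith("context ") and modes:
            modes.append(line.split()[1])
        elif line in ("exit", "#exit") and modes:
            modes.pop()
        elif ctx and line in ("aaa tacacs+", "no aaa tacacs+"):
            ctx_off[ctx] = line.startswith("no ")   # last command wins
        elif modes == [None] and line in ("aaa tacacs+", "aaa tacacs+ noconsole"):
            tacacs_global = True
            console_tacacs = not line.endswith("noconsole")
        elif modes == [None] and line == "local-user allow-aaa-authentication noconsole":
            console_aaa = False
    findings = []
    if tacacs_global and not console_tacacs:
        findings.append("console: TACACS+ bypassed, local database authenticates")
    if not console_aaa:
        findings.append("console: AAA-based authentication disabled")
    findings += [f"context {name}: TACACS+ disabled"
                 for name, off in ctx_off.items() if tacacs_global and off]
    return findings


if __name__ == "__main__":
    for finding in audit_tacacs(SAMPLE_CONFIG):
        print(finding)
```

Each finding marks a login path that relies on the local user database alone, so those local accounts and physical access to the Console port need their own review.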
ASR 5000 System Administration Guide, StarOS Release 21.1