From: L Pham (ccie17030@gmail.com)
Date: Wed Jun 18 2008 - 03:26:22 ART
YMMV, but you can do it. We have this set up on 300+ of our 65xx
boxes and variety of 1U switches. You will need to test since Cisco
induce new aaa "features/syntax" as IOS changes ;-)))
Loc
On Sun, Jun 15, 2008 at 4:03 PM, Jason Aarons <jaarons@hotmail.com> wrote:
> I noticed when my two tacacs servers are unreachable I can not login with
> local username, after the tacacs-server timeout (5 sec each) shouldn't it look
> at local username admin? (changed hostnames/keys for security) username admin
> privilege 15 secret 5 <removed> oldaaa new-modelaaa authentication login
> default group tacacs+ localaaa authorization exec default group tacacs+ local
> aaa accounting exec default start-stop group tacacs+aaa accounting commands 15
> default start-stop group tacacs+!tacacs-server host 10.10.0.10 key 7
> 096F5C090B16291319tacacs-server host 10.10.0.56 key 7
> 096F5C090B16291319tacacs-server directed-request
> _________________________________________________________________
> Enjoy 5 GB of free, password-protected online storage.
> http://www.windowslive.com/skydrive/overview.html?ocid=TXT_TAGLM_WL_Refresh_s
> kydrive_062008
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:22 ART