Hi Ali
1. If the Tacac+ authentication process cant be achieved for some
reason (unreachable or unusable) then no authentication will be used.
2. If the Tacac+ authentication process cant be achieved for some
reason (unreachable or unusable) then the enable password will be
used.
3. Privillege 15.
4.a, With this approach, the user will be granted Privilege Level 15
once correct username and password is entered at the first user login.
b, i dont understand you.
On 2/13/11, imran ali <immrccie_at_gmail.com> wrote:
> Hi group ,
>
> help me with the following aaa commands
>
> 1)aaa authentication login default group tacacs+ none
>
> does it means if my tacacs server fails , the user will be authorized
> immediately (no authorization done ) as the next method list is "none"
>
> 2) aaa authentication enable default group tacacs+ enable
>
> does this means if tacacs server is unavailable or fails to respond locally
> stored enable password will be used
>
> 3) if i issue this command " username admin password cisco " what will be
> the privilege assigned to it .(by default)
>
> 4) aaa authorization exec default group tacacs+ if-authenticated
> a) plz explain what this do in general
>
> b) what happens if authentication is successful with tacacs server and i
> have implemented command authorization to authorize all commands entered .
> now imagine server goes down. will authorization be allowed or user will be
> locked ?
>
> i hope i m clear in asking
>
>
> Thanks
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Sun Feb 13 2011 - 23:13:02 ART
This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART