https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962230#M38774 <P><SPAN>Hi Cisco,</SPAN></P> <P></P> <P><SPAN>Good day!</SPAN></P> <P></P> <P><SPAN>Need your help on my problem,&nbsp;<SPAN>the problem is that a switch that we are trying to integrate to ACS can't&nbsp;authenticate via TACACS.&nbsp;</SPAN><SPAN>based on our testing and troubleshooting, the ACS before config is Single connect device and&nbsp;</SPAN><SPAN>TACACS+ Draft Compliant Single Connect Support is chosen. but when trying to change the configuration to Legacy TACACS + Single Connect support it works fine.&nbsp;</SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Question: what is the standard&nbsp;procedure for enrollment 1 or 2 (See below) ? what is the different?</SPAN></P> <P><SPAN>1. Single connect Device and TACACAS + Draft Compliant Single Connect Support</SPAN></P> <P><SPAN>or</SPAN></P> <P><SPAN>2. Just Legacy TACACS + Single Connect Support&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P></P> Tue, 26 Mar 2019 00:35:02 GMT Erland Medrano 2019-03-26T00:35:02Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962230#M38774 <P><SPAN>Hi Cisco,</SPAN></P> <P></P> <P><SPAN>Good day!</SPAN></P> <P></P> <P><SPAN>Need your help on my problem,&nbsp;<SPAN>the problem is that a switch that we are trying to integrate to ACS can't&nbsp;authenticate via TACACS.&nbsp;</SPAN><SPAN>based on our testing and troubleshooting, the ACS before config is Single connect device and&nbsp;</SPAN><SPAN>TACACS+ Draft Compliant Single Connect Support is chosen. but when trying to change the configuration to Legacy TACACS + Single Connect support it works fine.&nbsp;</SPAN></SPAN></P> <P><SPAN></SPAN></P> <P><SPAN>Question: what is the standard&nbsp;procedure for enrollment 1 or 2 (See below) ? what is the different?</SPAN></P> <P><SPAN>1. Single connect Device and TACACAS + Draft Compliant Single Connect Support</SPAN></P> <P><SPAN>or</SPAN></P> <P><SPAN>2. Just Legacy TACACS + Single Connect Support&nbsp;</SPAN></P> <P><SPAN></SPAN></P> <P></P> Tue, 26 Mar 2019 00:35:02 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962230#M38774 Erland Medrano 2019-03-26T00:35:02Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962231#M38775 <P>Hi Erland,</P> <P></P> <P>The difference between&nbsp;<SPAN>Single connect Device and TACACAS + Draft Compliant Single Connect Support OR&nbsp;Legacy TACACS + Single Connect Support is former will send single connect flag to the NAS and latter will not send the single connect flag to NAS device.</SPAN></P> <P></P> <P></P> <P><SPAN>You can also refer this draft for better understanding,</SPAN></P> <P><SPAN>http://tools.ietf.org/html/draft-grant-tacacs-02</SPAN></P> Thu, 11 Aug 2016 14:09:30 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962231#M38775 karans 2016-08-11T14:09:30Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962232#M38776 <P>thanks for verification&nbsp;</P> Wed, 24 Aug 2016 09:23:26 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/2962232#M38776 Erland Medrano 2016-08-24T09:23:26Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/3385763#M38777 <P>Any recommended best practices for this setting?</P> Fri, 18 May 2018 20:34:37 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-issue/m-p/3385763#M38777 kevink707 2018-05-18T20:34:37Z