https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927448#M396193 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you are having Multiple Vlan in the Switch then also this problem will come.</P><P></P><P>issue a command</P><P>"ip tacacs source-interface Vlan 1"</P><P>may this sloves your problem.</P><P></P></BODY></HTML> Fri, 11 Jul 2008 18:20:56 GMT chaitu_kranthi 2008-07-11T18:20:56Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927441#M396186 <P>i have AAA server , when i configure tacacs authentication on edge switch , no response from AAA to the edge switch , but for radius configuration it is working </P> Sun, 10 Mar 2019 22:57:54 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927441#M396186 davidcruise 2019-03-10T22:57:54Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927442#M396187 <HTML><HEAD></HEAD><BODY><P>Hani </P><P></P><P>You have not provided much for us to work with. Based on your description I would think that the problem might be one of these things:</P><P>- perhaps the switch configuration for the tacacs server is not correct?</P><P>- perhaps the switch configuration of the shared key with the tacacs server is not correct?</P><P>- perhaps the IP address chosen by the switch as the source for the tacacs request is not the same address that is configured on the tacacs server for this client.</P><P>- perhaps there is some error in the switch configuration for tacacs configuration.</P><P></P><P>I would suggest that a good place to start investigating this issue is in the logs of the tacacs server. Is the server seeing the authentication request? If so then there may be some error code that indicates what the problem is. If the server is not seeing the request then it point to a different kind of problem.</P><P></P><P>It would also be helpful to post the switch config so we can check for issues in the switch config.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Wed, 09 Jul 2008 14:05:46 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927442#M396187 Richard Burts 2008-07-09T14:05:46Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927443#M396188 <HTML><HEAD></HEAD><BODY><P>- i am sure of the tacacs configuration of the switch .</P><P>-the switch &amp; ACS are reachable to each other</P><P>&amp; no communication problem.</P><P>-for test i installed the acs on VMWare which resides on the ACS server itself, i give the VMWare ip address 192.168.170.12 , which is in the same range of ACS server ip address 192.168.170.11</P><P>&amp; changed the Tacacs server ip address on the edge switch from 192.168.170.11 to 192.168.170.12 , &amp; tacacs authentication worked fine .</P></BODY></HTML> Wed, 09 Jul 2008 14:43:34 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927443#M396188 davidcruise 2008-07-09T14:43:34Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927444#M396189 <HTML><HEAD></HEAD><BODY><P>David,</P><P>If incase this is acs appliance, then disable remote logging and see if that make tacacs authentication work.</P><P></P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Wed, 09 Jul 2008 14:53:10 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927444#M396189 Jagdeep Gambhir 2008-07-09T14:53:10Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927445#M396190 <HTML><HEAD></HEAD><BODY><P>no it is not acs appliance</P></BODY></HTML> Fri, 11 Jul 2008 07:55:04 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927445#M396190 davidcruise 2008-07-11T07:55:04Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927446#M396191 <HTML><HEAD></HEAD><BODY><P>According to what you said, it is reasonable</P><P>to say that the ACS server is having issues.</P><P>I would the following:</P><P></P><P>1- from the switch telnet to the ACS server</P><P>via port 49 and see port 49 is listening:</P><P></P><P>C3750#telnet 10.250.97.28 49</P><P>Trying ... Open</P><P></P><P>[Connection closed by foreign host]</P><P>C3750#</P><P></P><P>2- to confirm that tcp port 49 is listening </P><P>on the ACS server, do "netstat -an | findstr</P><P>49"</P><P></P><P>3- I am guessing that the CSTacacs service </P><P>is not running but the CSRadius is. Check</P><P>the Windows service and restart CSTacacs</P><P>service and see if you can restart it.</P><P></P><P></P></BODY></HTML> Fri, 11 Jul 2008 10:23:16 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927446#M396191 cisco24x7 2008-07-11T10:23:16Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927447#M396192 <HTML><HEAD></HEAD><BODY><P>Other then that also check how aaa server is setup i.e Go to acs---&gt;network configuration----&gt;AAA server----&gt; Make sure it is set up as "Cisco Secure ACS" and not Radius.</P><P></P><P></P><P>Regards,</P><P>~JG</P></BODY></HTML> Fri, 11 Jul 2008 11:48:06 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927447#M396192 Jagdeep Gambhir 2008-07-11T11:48:06Z https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927448#M396193 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>If you are having Multiple Vlan in the Switch then also this problem will come.</P><P></P><P>issue a command</P><P>"ip tacacs source-interface Vlan 1"</P><P>may this sloves your problem.</P><P></P></BODY></HTML> Fri, 11 Jul 2008 18:20:56 GMT https://community.cisco.com/t5/network-access-control/tacacs-authentication-not-working/m-p/927448#M396193 chaitu_kranthi 2008-07-11T18:20:56Z