https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292089#M431201 <HTML><HEAD></HEAD><BODY><P>The information you provided is useful but not enough for us to be able to diagnose your problem. It would be most important to include the part of the config where you configure the tacacs host (and its key - though you probably want to hide the actual key value) and the configuration of the vty lines.</P><P></P><P>It would also be helpful if you would post the output of the show tacacs command.</P><P></P><P>It would also be helpful if you could post the output of debug tacacs authentication. </P><P></P><P>Based on your description of the symptoms (when you attempt to login it hesitates and then gives just the password prompt) I would guess that there is something incorrect in how you have configured the TACACS server. It might be an error in specifying the address of the server, it might be an error in specifying the key for the server, it might be that the server does not have your router configured as a device for which to authenticate.</P><P></P><P>Check on these and let us know.</P><P></P><P>Rick</P></BODY></HTML> Mon, 28 Jun 2004 18:44:19 GMT Richard Burts 2004-06-28T18:44:19Z https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292088#M431200 <P></P><P></P><P>unable to get tacacs working on a 2500. Tried several different ways to configure it. but I believe I am not doing something correctly between the AAA commands and the vty 0 4 line. It normally looks for a tacacs server (hesitates) but then goes to a password prompt. </P><P></P><P></P><P>aaa new-model</P><P>aaa authentication login default tacacs+ line</P><P>aaa authentication login LINE line</P><P>aaa authentication login NONE none</P><P>aaa authentication enable default tacacs+ enable</P><P>aaa authorization exec tacacs+ if-authenticated</P><P>aaa authorization commands 15 tacacs+ if-authenticated</P><P>aaa accounting exec start-stop tacacs+</P><P>aaa accounting commands 15 start-stop tacacs+</P><P></P><P></P><P></P><P></P><P></P><P>Cisco Internetwork Operating System Software </P><P>IOS (tm) 2500 Software (C2500-I-L), Version 11.2(16), RELEASE SOFTWARE (fc1)</P><P>Copyright (c) 1986-1998 by cisco Systems, Inc.</P><P>Compiled Tue 06-Oct-98 11:30 by ashah</P><P>Image text-base: 0x0302300C, data-base: 0x00001000</P><P></P><P>ROM: System Bootstrap, Version 11.0(10c), SOFTWARE</P><P>BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)</P><P></P><P></P><P>System image file is "flash:c2500-i-112-16.bin", booted via flash</P><P></P><P>cisco 2524 (68030) processor (revision J) with 2048K/2048K bytes of memory.</P><P></P> Sun, 10 Mar 2019 20:44:18 GMT https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292088#M431200 jim collins 2019-03-10T20:44:18Z https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292089#M431201 <HTML><HEAD></HEAD><BODY><P>The information you provided is useful but not enough for us to be able to diagnose your problem. It would be most important to include the part of the config where you configure the tacacs host (and its key - though you probably want to hide the actual key value) and the configuration of the vty lines.</P><P></P><P>It would also be helpful if you would post the output of the show tacacs command.</P><P></P><P>It would also be helpful if you could post the output of debug tacacs authentication. </P><P></P><P>Based on your description of the symptoms (when you attempt to login it hesitates and then gives just the password prompt) I would guess that there is something incorrect in how you have configured the TACACS server. It might be an error in specifying the address of the server, it might be an error in specifying the key for the server, it might be that the server does not have your router configured as a device for which to authenticate.</P><P></P><P>Check on these and let us know.</P><P></P><P>Rick</P></BODY></HTML> Mon, 28 Jun 2004 18:44:19 GMT https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292089#M431201 Richard Burts 2004-06-28T18:44:19Z https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292090#M431202 <HTML><HEAD></HEAD><BODY><P>I had to wait a few days for the box to be rebooted <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> tacacs server key fat fingered.</P><P></P><P>thanks </P></BODY></HTML> Thu, 08 Jul 2004 19:45:45 GMT https://community.cisco.com/t5/network-access-control/aaa-on-2500/m-p/292090#M431202 jim collins 2004-07-08T19:45:45Z