Hello everybody,
We are currently implementing a TACACS+ server on our network. All our devices had local users until this point. We encountered no problem configuring the AAA setups on most of our devices, but our ACEs have had an odd behavior:
We debugged the packets coming out of the ACE, and found that if we have a user configured on the ACS, say for example "UserA", and that username is not configured on the ACE itself, the ACE never sends the authentication request to the ACS. Now, if we configure that username on the ACE, even with a different password, we see that when we try to log in the request is correctly sent to the ACS, and we can use the password configured on the ACS correctly, so we know the TACACS user is configured correctly.
How is it that we need to have the user created locally for it to work? Is this normal behaviour?
Thank you,
Regards,
Tadeo