CatC TACACS using TACACS pro bono

gurfin
Level 1

Hello,

We are trying to set up AAA for the management of a new customer Catalyst Center.

This customer runs a TACACS pro bono server, and we will not be migrating them to ISE yet (even though that is planned for the future). My question is how this is configured in the tac_plus config?

I have read through this forum, but I am still having issues:

https://community.cisco.com/t5/cisco-catalyst-center/dna-external-user-authentication-via-tacacs/td-p/4569785

We have previously set this up with a different customer's Catalyst Center and gotten it to work, but that was towards a Cisco ISE server for TACACS. Here is a post on my blog about that:

https://blog.gurfin.se/post/adding-tacacs-via-ise-to-cisco-catalyst-center/

Currently this is what we have specified in our group in the tac_plus.cfg:

service = cas-service {
	set cisco-av-pair="Role=SUPER-ADMIN-ROLE"
}

And if I check the /var/log/tac_plus/access/access.log, then I get this:

2025-01-15 <REDACTED TIME ZONE> <REDACTED NAS IP> <REDACTED USERNAME> 49 <REDACTED CLIENT IP> shell login succeeded

At the same time the Catalyst Center UI prompts me with "Login Failed".


hecjo
Level 1

Hello,

I have the same problem. Has anyone already found a solution for this?