Cisco Catalyst Center with TACACS Authentication not working

NTT_DNAC
Level 1

I am running Cisco Catalyst Center v2.3.7.6
I added two AAA servers using TACACS+ on port 49 and both servers are "ACTIVE" on the Cisco Catalyst Center

Under the Users & Roles section -> External Authentication: I enabled external user and configured the "cisco-av-pair" attribute as well as selected both the servers.

I also added the command "magctl rbac external_auth_fallback enable" to fall back to local authentication if the TACACS servers are unavailable or I need to authenticate using local credentials.

I can both the servers but when I try to authenticate using AD credentials I get an "Invalid Login Credentials" message.
I don't see any failed attempts on the AAA servers.

1. Is there a way to disable the command "magctl rbac external_auth_fallback enable"?

2. How can I test TACACS from the Cisco Catalyst Center without trying to log in? Is there a test aaa command?

3. How can I pull logs to see where the Cisco Catalyst Center is sending the authentication request (external/local) and what the response to the request is?

 


maflesch
Cisco Employee

1. You should be able to use `magctl rbac external_auth_fallback disable` to disable the local login.
2. No, there is no test aaa command. You have to attempt to log in to test the settings.
3. Lauth is the service that is in charge of the request; you can check those service logs. I would also suggest pulling a PCAP to see what is happening at the packet level.

Honestly, you should open a TAC case to further see what is happening.
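
One way to read the PCAP suggested in the reply above, as an added example that is not part of the original thread or any Cisco tooling: it walks the TACACS+ headers (12-byte layout from RFC 8907) in a reassembled TCP port 49 payload and reports, per session, whether the server ever answered. The function names and the sample bytes are constructed for illustration; packet bodies are treated as opaque because they are obfuscated with the shared key.

```python
import struct
from collections import defaultdict

# RFC 8907 header: version, type, seq_no, flags, session_id, body length
HEADER = struct.Struct("!BBBBII")
TYPES = {1: "authentication", 2: "authorization", 3: "accounting"}

def parse_headers(stream: bytes):
    """Yield each TACACS+ header found in a reassembled TCP payload."""
    offset = 0
    while offset + HEADER.size <= len(stream):
        version, ptype, seq, flags, session, length = HEADER.unpack_from(stream, offset)
        if version >> 4 != 0xC:  # major version nibble is always 0xC
            raise ValueError(f"not a TACACS+ header at offset {offset}")
        yield {
            "type": TYPES.get(ptype, f"unknown({ptype})"),
            "seq_no": seq,
            "from_client": seq % 2 == 1,  # client sends odd, server even
            "cleartext_body": bool(flags & 0x01),
            "session_id": session,
        }
        offset += HEADER.size + length  # skip the (obfuscated) body

def summarize(stream: bytes):
    """Per session: packet counts and whether the AAA server replied."""
    sessions = defaultdict(lambda: {"type": None, "client": 0, "server": 0})
    for h in parse_headers(stream):
        s = sessions[h["session_id"]]
        s["type"] = s["type"] or h["type"]
        s["client" if h["from_client"] else "server"] += 1
    return {sid: dict(s, answered=s["server"] > 0) for sid, s in sessions.items()}

def _packet(ptype, seq, session, body):
    """Build a constructed test packet; body bytes are filler, not real data."""
    return HEADER.pack(0xC0, ptype, seq, 0, session, len(body)) + body

# Constructed sample: one answered login, one START that got no reply.
SAMPLE = (
    _packet(1, 1, 0x1111, b"\x00" * 20)
    + _packet(1, 2, 0x1111, b"\x00" * 6)
    + _packet(1, 1, 0x2222, b"\x00" * 20)
)

if __name__ == "__main__":
    for sid, info in summarize(SAMPLE).items():
        print(f"session {sid:#010x}: {info}")
```

An empty result for the capture window means no TACACS+ request left the appliance during the login attempt, which matches seeing no failed attempts on the AAA servers.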