AAA on 2500

jim collins
Level 1

Unable to get tacacs working on a 2500. Tried several different ways to configure it, but I believe I am not doing something correctly between the AAA commands and the vty 0 4 line. It normally looks for a tacacs server (hesitates) but then goes to a password prompt.

aaa new-model

aaa authentication login default tacacs+ line

aaa authentication login LINE line

aaa authentication login NONE none

aaa authentication enable default tacacs+ enable

aaa authorization exec tacacs+ if-authenticated

aaa authorization commands 15 tacacs+ if-authenticated

aaa accounting exec start-stop tacacs+

aaa accounting commands 15 start-stop tacacs+

Cisco Internetwork Operating System Software

IOS (tm) 2500 Software (C2500-I-L), Version 11.2(16), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-1998 by cisco Systems, Inc.

Compiled Tue 06-Oct-98 11:30 by ashah

Image text-base: 0x0302300C, data-base: 0x00001000

ROM: System Bootstrap, Version 11.0(10c), SOFTWARE

BOOTFLASH: 3000 Bootstrap Software (IGS-BOOT-R), Version 11.0(10c), RELEASE SOFTWARE (fc1)

System image file is "flash:c2500-i-112-16.bin", booted via flash

cisco 2524 (68030) processor (revision J) with 2048K/2048K bytes of memory.

2 Replies

Richard Burts
Hall of Fame

The information you provided is useful but not enough for us to be able to diagnose your problem. It would be most important to include the part of the config where you configure the tacacs host (and its key - though you probably want to hide the actual key value) and the configuration of the vty lines.

It would also be helpful if you would post the output of the show tacacs command.

It would also be helpful if you could post the output of debug tacacs authentication.

Based on your description of the symptoms (when you attempt to login it hesitates and then gives just the password prompt) I would guess that there is something incorrect in how you have configured the TACACS server. It might be an error in specifying the address of the server, it might be an error in specifying the key for the server, it might be that the server does not have your router configured as a device for which to authenticate.

Check on these and let us know.

Rick

HTH

Rick

I had to wait a few days for the box to be rebooted :) The tacacs server key was fat-fingered.

Thanks
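
An added example, not part of the thread or of any Cisco tool: a small Python check that runs over a saved IOS config and covers the parts of the checklist above that are visible in the config itself (server host, server key, and which login list the vty lines use). The `tacacs-server` and `line vty` lines in the sample are constructed, since the original post did not include them; a mistyped key cannot be seen this way and still needs `debug tacacs authentication`.

```python
import re

# Constructed sample: the poster's login lists plus assumed host/vty lines.
SAMPLE = """\
aaa new-model
aaa authentication login default tacacs+ line
aaa authentication login LINE line
aaa authentication login NONE none
tacacs-server host 192.0.2.10
line vty 0 4
 password PLACEHOLDER
 login authentication default
"""

def audit_tacacs_login(config):
    """Return findings about the TACACS+ login setup in an IOS config."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    findings = []
    if "aaa new-model" not in lines:
        findings.append("aaa new-model is not enabled")
    # Login method lists, e.g. {"default": ["tacacs+", "line"]}
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    server = [l for l in lines if l.startswith("tacacs-server ")]
    if any("tacacs+" in meths for meths in lists.values()):
        if not any(l.startswith("tacacs-server host ") for l in server):
            findings.append("no tacacs-server host configured")
        if not any(" key " in l for l in server):
            findings.append("no tacacs-server key configured")
    for name, meths in lists.items():
        # The next method is used when tacacs+ gives no usable reply,
        # which matches the "hesitates, then password prompt" symptom.
        if "tacacs+" in meths[:-1]:
            nxt = meths[meths.index("tacacs+") + 1]
            findings.append(f"list {name}: tacacs+ error falls back to {nxt}")
    # Map each vty block to the login list it uses (default if unset).
    vty, current = {}, None
    for l in lines:
        if not l.startswith(" "):
            current = l if l.startswith("line vty") else None
            if current:
                vty[current] = "default"
        elif current and (m := re.match(r"\s+login authentication (\S+)", l)):
            vty[current] = m.group(1)
    findings += [f"{v}: login list {n} is not defined"
                 for v, n in vty.items() if n not in lists]
    return findings
```
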