- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-04-2014 07:40 PM - edited 03-10-2019 09:29 PM
Hi Sirs:
I configured 3850 AAA command, but it could not connect to tacas server.
Do I confiure something worng?
=====================Tacas server status==================
Tacacs+ Server - public :
Server address: 10.0.0.1
Server port: 49
Socket opens: 279
Socket closes: 278
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0 Tacacs+ Server - public :
Server address: 10.10.99.3
Server port: 49
Socket opens: 279
Socket closes: 278
Socket aborts: 0
Socket errors: 0
Socket Timeouts: 0
Failed Connect Attempts: 0
Total Packets Sent: 0
Total Packets Recv: 0
=========================AAA config===================
vrf definition Mgmt-vrf
aaa new-model
!
!
aaa authentication login default group tacacs+ line
aaa authentication login console none
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization exec console none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 192.168.1.1 255.255.255.0
negotiation auto
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 192.168.1.254
ip tacacs source-interface GigabitEthernet0/0
tacacs-server host 10.0.0.1
tacacs-server directed-request
tacacs-server key cisco123
Solved! Go to Solution.
- Labels:
-
AAA
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2014 05:57 PM
Try configuration has under
aaa new-model
!
!
aaa group server tacacs+ ACS
server-private 10.0.0.1 timeout 3 key *****
server-private 10.0.0.2 timeout 3 key *****
ip vrf forwarding Mgmt-vrf
ip tacacs source-interface GigabitEthernet0/0
!
!
aaa authentication login default group ACS local
aaa authentication enable default group ACS enable
aaa authentication login console group ACS local
aaa authorization console
aaa authorization exec default group ACS
aaa accounting exec default start-stop group ACS
aaa accounting commands 0 default start-stop group ACS
aaa accounting commands 1 default start-stop group ACS
aaa accounting commands 15 default start-stop group ACS
aaa accounting connection default start-stop group ACS
aaa accounting system default start-stop group ACS
!
!
ip tacacs source-interface GigabitEthernet0/0
!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-03-2014 12:27 AM
no aaa new-model

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-05-2014 05:57 PM
Try configuration has under
aaa new-model
!
!
aaa group server tacacs+ ACS
server-private 10.0.0.1 timeout 3 key *****
server-private 10.0.0.2 timeout 3 key *****
ip vrf forwarding Mgmt-vrf
ip tacacs source-interface GigabitEthernet0/0
!
!
aaa authentication login default group ACS local
aaa authentication enable default group ACS enable
aaa authentication login console group ACS local
aaa authorization console
aaa authorization exec default group ACS
aaa accounting exec default start-stop group ACS
aaa accounting commands 0 default start-stop group ACS
aaa accounting commands 1 default start-stop group ACS
aaa accounting commands 15 default start-stop group ACS
aaa accounting connection default start-stop group ACS
aaa accounting system default start-stop group ACS
!
!
ip tacacs source-interface GigabitEthernet0/0
!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-20-2021 05:29 AM
7 years later and still finding this useful tip.
