Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
0
Helpful
1
Replies

Help please with TACACS authentication from a Nexus 5548

Paul Murray
Level 1
Level 1

‎06-08-2011 05:54 AM - edited ‎03-10-2019 06:08 PM

I cannot get login working via TACACS from my Nexus 5548.  I've tried creating a group and a single server with key etc.

Config is simple:

tacacs-server key 7  ************

ip tacacs source-interface Vlanx

aaa group server tacacs+ tacacs

    server 10.x.y.z

The test aaa command shows it's authenticating:

NEX01# test aaa server tacacs+  10.x.y.z <username> <password)

user has been authenticated

Debug shows this:

NEX01# 2011 Jun  8 12:31:03 NEX01 %AUTHPRIV-3-SYSTEM_MSG: pam_aaa:Authentication failed for user <username>  from 10.x.y.z- login[1691]

Am I doing something glaringly wrong here?

Any advice is greatly appreciated.

Thank you.

Labels:
0 Helpful
1 Reply 1

Waris Hussain
Cisco Employee
Cisco Employee

‎06-08-2011 03:09 PM

Hi Paul,

Looks like may be the packet dont have the route ACS when you try to login .

Can you share sh run of the switch  ?

Also do you see failed attempt on tacacs server side. ?

Can you ping tacacs server with source interface Vlanx?

Thanks

Waris Hussain

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents