
How to configure TACACS for Cat6509-SUP2?

gilson_machado
Level 1

I have a 6509 with dual MSFC2 and dual SUP2. I am trying to implement TACACS on both. I would like to fail over to the local password if access to the TACACS server fails. I need authentication and accounting.

What commands should I use? I tested some but I am getting many errors. Is there any configuration sample available?

4 Replies

mhoda
Level 5

Hi,

The minimum configuration required would be:

tacacs-server host 10.1.1.1 key cisco

aaa new-model

aaa authentication login default [group] tacacs+ local

aaa authorization exec default [group] tacacs+ local <--this is not needed if you just want to authenticate users and don't want to directly be dropped to the enable mode

If you don't want to add the above line and want to do enable password authentication, then you can do the following:

aaa authen enable default [group] tacacs+ enable

aaa accounting exec default start-stop group tacacs+ <--You can turn on accounting for other purposes also, like command autho etc.

Before you enter these, please make sure to create the local user database as follows:

username admin privilege 15 password admin

Thanks,

Mynul

Hello Mynul!

I forgot to mention that it is a CatOS (using set commands).

The group of commands that I could find is the below:

!

set authentication login tacacs enable

set authentication enable tacacs enable

set tacacs server x.x.x.x

set tacacs key yyyy

!

But it is not working properly.

Is there anything to add to that?

Regards,

Gilson

Hi Gilson,

In the case of switches with CatOS there is no concept of a local username, but it falls back to the local telnet and enable password.

If you are using 7.5.x code then you add a local user otherwise.

Here are the commands you need

set authentication login local enable

set authentication login tacacs enable

set tacacs server #.#.#.#

set tacacs key your_key

Here is a good link

http://www.cisco.com/warp/public/480/72.shtml

Thanks

Sujit
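
An added example, not part of the reply above or of any Cisco tool: a small Python check over a saved CatOS config that flags a TACACS+ login setup with no server, no key, or no stated local fallback, using the `set` lines from the reply. The sample configs, `192.0.2.10` and `EXAMPLE_KEY` are constructed placeholders, and the `disable` form of the command does not appear in the thread.

```python
import re

AUTH_RE = re.compile(r"^set\s+authentication\s+(login|enable)\s+(\S+)\s+(enable|disable)\b", re.I)
TACACS_RE = re.compile(r"^set\s+tacacs\s+(server|key)\s+(\S+)", re.I)

def parse(config_text):
    """Collect the authentication and TACACS+ `set` lines from a config dump."""
    state = {"auth": {}, "servers": [], "key_set": False}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "!#":   # skip blanks and comment separators
            continue
        m = AUTH_RE.match(line)
        if m:
            mode, method, flag = (g.lower() for g in m.groups())
            state["auth"][(mode, method)] = flag == "enable"
            continue
        m = TACACS_RE.match(line)
        if m and m.group(1).lower() == "server":
            state["servers"].append(m.group(2))
        elif m:
            state["key_set"] = True       # record presence only, never the key itself
    return state

def audit(config_text):
    """Return findings for the login path; an empty list means nothing to flag."""
    s = parse(config_text)
    findings = []
    tacacs = s["auth"].get(("login", "tacacs"))
    local = s["auth"].get(("login", "local"))  # True, False, or None if not stated
    if not tacacs:
        findings.append("login: tacacs not enabled")
    if tacacs and not s["servers"]:
        findings.append("login: tacacs enabled but no 'set tacacs server'")
    if tacacs and not s["key_set"]:
        findings.append("login: tacacs enabled but no 'set tacacs key'")
    if local is False:
        findings.append("login: local explicitly disabled, no fallback if TACACS+ is unreachable")
    elif local is None:
        findings.append("login: local fallback not stated in this text, confirm on the switch")
    return findings

# Constructed samples: the four lines from the reply, then the same with local disabled.
FROM_THREAD = ("set authentication login local enable\nset authentication login tacacs enable\n"
               "set tacacs server 192.0.2.10\nset tacacs key EXAMPLE_KEY\n")
NO_FALLBACK = FROM_THREAD.replace("login local enable", "login local disable")

if __name__ == "__main__":
    for name, cfg in (("from thread", FROM_THREAD), ("no fallback", NO_FALLBACK)):
        print(name, audit(cfg) or "ok")
```

The check reads only the text it is given and makes no assumption about switch defaults, which is why an unstated local method is reported as something to confirm rather than as a failure.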

Thanks Sujit!

Looks like this is the correct set of commands.

Thanks everybody for the help.

Regards,

Gilson