11-23-2015 04:35 PM - edited 03-10-2019 11:15 PM
I am perplexed by my issue. I have one switch out of 9 that cannot authenticate with our TACACS server. The configurations are the same as every other switch, yet when I try to log in using the TACACS+ account, access is denied. Here is the configuration for the AAA/TACACS on the switch.
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local
tacacs-server host X.X.33.XX
tacacs-server key 7 ???????????
I have removed the aaa configuration and then reconfigured it along with the tacacs server information and no tacacs authentication. I have given the interface tacacs should use, but same outcome. Any ideas?
Thank you,
Robert
Solved! Go to Solution.
11-23-2015 05:11 PM
Robert,
Please make sure following
- Tacacs server is reachable from the switch and port 49 is not blocked.
- If this is layer 3 switch then make sure to setup ip tacacs source interface XXXX (Interface IP that is defined in tacacs server)
- Check secret key
If issue is still there then please get
debug aaa authentication
debug tacacs
Regards,
~JG
11-23-2015 05:11 PM
Robert,
Please make sure following
- Tacacs server is reachable from the switch and port 49 is not blocked.
- If this is layer 3 switch then make sure to setup ip tacacs source interface XXXX (Interface IP that is defined in tacacs server)
- Check secret key
If issue is still there then please get
debug aaa authentication
debug tacacs
Regards,
~JG
11-24-2015 09:44 AM
JG,
Thank you for your assistance. I thought about it this morning and I wasn't sure that I had even entered the ip tacacs source-interface command. I entered it this morning, and I turned on debug for aaa authentication and tacacs, so that I could see what was happening on the switch. I attempted to log in with my tacacs account and I was able to without an issue.
Thank you again for your help.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: