
No AAA Authentication For Switch

I am perplexed by my issue. I have one switch out of 9 that cannot authenticate with our TACACS server. The configurations are the same as every other switch, yet when I try to log in using the TACACS+ account, access is denied. Here is the configuration for the AAA/TACACS on the switch.

aaa new-model

aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local

tacacs-server host X.X.33.XX
tacacs-server key 7 ???????????

I have removed the AAA configuration and then reconfigured it along with the TACACS server information, and still no TACACS authentication. I have given the interface TACACS should use, but same outcome. Any ideas?

Thank you,

Robert

1 ACCEPTED SOLUTION

Robert,

Please make sure of the following:

- The TACACS server is reachable from the switch and port 49 is not blocked.

- If this is a layer 3 switch, then make sure to set up ip tacacs source-interface XXXX (the interface IP that is defined in the TACACS server).

- Check the secret key.

If the issue is still there, then please get:

debug aaa authentication

debug tacacs

Regards,

~JG


JG,

Thank you for your assistance. I thought about it this morning and I wasn't sure that I had even entered the ip tacacs source-interface command. I entered it this morning, and I turned on debug for aaa authentication and tacacs, so that I could see what was happening on the switch. I attempted to log in with my tacacs account and I was able to without an issue.

Thank you again for your help.
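
Added example, not part of the original thread: when one switch out of several "has the same configuration" but fails TACACS+ login, a line-level comparison of the AAA/TACACS+ statements against a working switch shows what is actually missing, here the source-interface line. The host address, interface name and key strings in the sample configs are constructed placeholders.

```python
import re

# AAA/TACACS+ lines in classic IOS syntax, as used in the thread.
RELEVANT = re.compile(r"^(aaa |tacacs-server |ip tacacs source-interface )")

def aaa_lines(running_config):
    """Return the normalized AAA/TACACS+ lines of a running-config as a set."""
    lines = set()
    for raw in running_config.splitlines():
        line = " ".join(raw.split())          # collapse whitespace
        if not RELEVANT.match(line):
            continue
        # Type 7 strings can differ between devices even for the same secret,
        # so mask the key; it has to be re-entered or checked separately.
        line = re.sub(r"^tacacs-server key .*", "tacacs-server key <masked>", line)
        lines.add(line)
    return lines

def compare(working, failing):
    """Report AAA/TACACS+ lines that exist on only one of the two switches."""
    good, bad = aaa_lines(working), aaa_lines(failing)
    return {"missing_on_failing": sorted(good - bad),
            "extra_on_failing": sorted(bad - good)}

# Constructed sample configs (192.0.2.10, Vlan10 and the key strings are placeholders).
WORKING = """
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local
ip tacacs source-interface Vlan10
tacacs-server host 192.0.2.10
tacacs-server key 7 0822455D0A16
"""
FAILING = """
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local
tacacs-server host 192.0.2.10
tacacs-server key 7 13061E010803
"""

if __name__ == "__main__":
    for side, lines in compare(WORKING, FAILING).items():
        for line in lines:
            print(f"{side}: {line}")
```

The key line is masked on purpose, so a clean comparison does not confirm that the shared secret matches the one defined on the TACACS server.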
