07-04-2012 08:41 AM - edited 03-10-2019 07:16 PM
I'm trying get TACACS working on a Catalyst 3650 with IOS Version 15.0(1)SE2, RELEASE SOFTWARE (fc3). I believe my AAA model is defined correctly since it doesn't work properly until the switch is rebooted then I have to remove the TACACS server group and add it back in in order to get it to work. I can still logon via SSH but authorization fails when I try enter any commands under the privileged exec mode which tells me the authentication piece is still working but the authorization step fails. I confirmed it in ACS as well. Below is my config hope someone has an idea on how to resolve this issue thanks for the help.
aaa group server tacacs+ X
server name auth1
server name auth2
aaa authentication login default local
aaa authentication login TacLogin group X local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local
aaa authorization exec TacAuth group X local
aaa authorization commands 0 default local
aaa authorization commands 0 TacCommands0 group X local
aaa authorization commands 1 default local
aaa authorization commands 1 TacCommands1 group X local
aaa authorization commands 15 default local
aaa authorization commands 15 TacCommands15 group X local
aaa accounting exec default start-stop group X
aaa accounting commands 15 default start-stop group X
ip tacacs source-interface VlanXXX
!
tacacs server auth1
address ipv4 xxx.xxx.xxx.xxx
key 7 xxxxx
timeout 5
tacacs server auth2
address ipv4 xxx.xxx.xxx.xxx
key 7 xxxxx
timeout 5
07-04-2012 05:59 PM
Dustin,
Did you upgrade the code on this switch or is this how you received it? I know the tacacs configuration has change slightly but can you remove the tacacs servers and enter them in this way:
Keep the groups just as you have them but enter the tacacs server configuration as the guide states and see if the issue presists.
thanks,
Tarik Admani
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide