Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1990
Views
0
Helpful
1
Replies

TACACS ACS to ISE migration

Go to solution
T_tow
Level 1
Level 1

‎05-07-2019 07:48 AM - edited ‎02-21-2020 11:05 AM

I'm migrating my devices from TACACS ACS to ISE.  I have a 6509 that I've migrated.  TACACS works and when consoling in global password takes but when I check the login via enable mode it keeps giving me an error in authentication message.

 

Ex:

User Access Verification

Password:

Sw1> en

username: xxxx

password:

%Error in authentication

 

I think it's a problem with my line con 0 configs:

 

line con 0
 exec-timeout 15 0
 password 7 xxxxxxx
 authorization commands 0 no_aaa_authorization
 authorization commands 1 no_aaa_authorization
 authorization commands 15 no_aaa_authorization
 authorization exec CONSOLE
 logging synchronous
 login authentication no_aaa_authentication
 stopbits 1

 

Here's my AAA config:

aaa new-model
aaa group server tacacs+ TACACS-GROUP
aaa authentication login default group TACACS-GROUP local
aaa authentication login no_aaa_authentication line
aaa authentication login CONSOLE line
aaa authentication login LOGIN local enable
aaa authentication enable default enable group TACACS-GROUP
aaa authentication dot1x default group radius
aaa authorization config-commands
aaa authorization exec default group TACACS-GROUP if-authenticated
aaa authorization exec Console local
aaa authorization commands 0 default group TACACS-GROUP if-authenticated
aaa authorization commands 0 no_aaa_authorization none
aaa authorization commands 1 default group TACACS-GROUP if-authenticated
aaa authorization commands 1 no_aaa_authorization none
aaa authorization commands 15 default group TACACS-GROUP if-authenticated
aaa authorization commands 15 no_aaa_authorization none
aaa accounting exec default start-stop group TACACS-GROUP
aaa accounting commands 1 default start-stop group TACACS-GROUP
aaa accounting commands 15 default start-stop group TACACS-GROUP
aaa accounting system default start-stop group TACACS-GROUP
aaa session-id common
 authorization commands 0 no_aaa_authorization

authorization commands 1 no_aaa_authorization
 authorization commands 15 no_aaa_authorization
 login authentication no_aaa_authentication

 

Any thoughts?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aravind Ravichandran
Level 3
Level 3

‎05-07-2019 07:58 AM

What kind of error do you see in ISE for this?

Also please verify the configuration with this guide.

-Aravind

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Aravind Ravichandran
Level 3
Level 3

‎05-07-2019 07:58 AM

What kind of error do you see in ISE for this?

Also please verify the configuration with this guide.

-Aravind
0 Helpful
Customers Also Viewed These Support Documents