03-29-2017 09:00 PM - edited 03-11-2019 12:35 AM
I am trying to configure TACACS+ authentication and authorization for NX-OS (Nexus 7706) 7.3(0)DX(1)
Configuration on Nexus's are the following :
aaa group server tacacs+ tac
aaa authentication login default group tac none
aaa authorization config-commands default group tac
feature tacacs+
tacacs-server key 7 "UE9Pp40o"
tacacs-server host 172.19.X.X key 7 "UE9Pp40o"
aaa group server tacacs+ tac
Error: AAA authorization failed for command:aaa group server tacacs+ tac, AAA_AUTHOR_STATUS_METHOD=17(0x11)
%TACACS-3-TACACS_ERROR_MESSAGE: All servers failed to respond
03-29-2017 09:35 PM
Under the "aaa group server tacacs+ tac" have "server 172.19.X.X" So should be:
(config)# aaa group server tacacs+ tac
(config-tacacs+)# server 172.19.X.X
03-29-2017 09:52 PM
Thanks for reply mpellegrino,
I have done below changes, still having problem persist.
aaa group server tacacs+ tac
server 172.19.X.X,
Please let me know if any additional information required.
03-29-2017 10:10 PM
What are you using for authentication, ACS? If so, did you add the IP of the N7K.
This should be all you need for the config, if it doesn't work then leads me to believe its something outside the nexus. You shouldn't need the "tacacs-server key 7 "UE9Pp40o" command
aaa group server tacacs+ tac
aaa authentication login default group tac none
aaa authorization config-commands default group tac
feature tacacs+
tacacs-server host 172.19.X.X key 7 "UE9Pp40o"
aaa group server tacacs+ tac
server 172.19.X.X
** Also use the "debug tacacs+ all" command and check the logs
03-29-2017 10:20 PM
One more thing I had a customer that had latency issues across the WAN between his N7K and aaa server. Had to use the following command to get it working
tacacs-server directed request
03-29-2017 10:51 PM
I am getting below error, when applying command "tacacs-server directed-request"
Error: AAA authorization failed for command:tacacs-server directed-request, AAA_AUTHOR_STATUS_METHOD=17(0x11)
03-29-2017 11:06 PM
This is a permissions issue. What are you using for authorization?
03-29-2017 11:28 PM
I am trying with vdc-admin
03-29-2017 10:52 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide