Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
606
Views
0
Helpful
3
Replies

TACACS is not working in 7206 VXR

arun.mallappally123
Level 1
Level 1

‎06-17-2013 01:22 AM - edited ‎03-10-2019 08:32 PM

Hi all,

TACACS is not working in my 7206 VXR.When i am telneting in to router it is  showing Authorization Failed.I can able to login using console.

KEY is same b/w router and the server .Please help.

7206(config)#do sh run | in aaa|tacacs

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local if-authenticated

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common

ip tacacs source-interface Loopback0

tacacs-server host 202.148.202.174

tacacs-server key 7 073D055B42291A413630384D2E

GURG-7206-EDGE1(config)#do ping 202.148.202.174 source lo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 202.148.202.174, timeout is 2 seconds:

Packet sent with a source address of 202.148.199.196

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/43/44 ms

Labels:
0 Helpful
3 Replies 3

Jatin Katyal
Cisco Employee
Cisco Employee

‎06-17-2013 01:32 AM

What error are you seeing on the tacacs server? Did you define enable privilege 15 on the tacacs server?

What is the code of tacacs/ACS are you running?

Can you paste the output of

debug tacacs

debug aaa authen

debug aaa autho

Jatin Katyal

- Do rate helpful posts -

~Jatin
0 Helpful

mmangat
Level 1
Level 1

‎06-17-2013 11:31 PM

It is most likely a configuration or rechability issue. Double check

that you've got the right IP in the config, and that there's nothing

interfering with UDP between the two. With tacacs, it's good idea

to have known backup telnet & enable passwords, this same kind of

thing can happen when you have a badly congested link or some kind of

network problem and life is better when you can get into the router.

0 Helpful

Jatin Katyal
Cisco Employee
Cisco Employee
In response to mmangat

‎06-18-2013 12:03 AM

cannot be a reachability issue as tacacs is processing the request and throwing "authorization failed". Also, I didn't understand when you say "that there's nothing  interfering with UDP between the two" because tacacs works at tcp 49.

Jatin Katyal
- Do rate helpful posts -

~Jatin
0 Helpful
Customers Also Viewed These Support Documents