TACACS issue on switch

kamal kumar
Level 4

Hi All,

We have configured two ACS as TACACS servers for authentication on our switches. We have the following configuration:

tacacs-server host 10.X.X.X

tacacs-server host 10.X.Y.Y

tacacs-server directed-request

tacacs-server key 7 XXXXXXXXXX

Now if we change the tacacs server order also, the auth is happening to 10.X.X.X itself. We have reachability to both the ACS boxes on port no. 49.

Please advise on possible solutions.

Thanks

7 Replies 7

Amjad Abdullah
VIP Alumni

Hi Kamal,

use this command:

aaa authentication login default group tacacs+ local

The word "local" at the end says if all tacacs+ servers are not reachable then fall back to local users. It is optional. Also you can use other options than local, like "line" for example. It is up to you.

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"


Hi Amjad,

The following commands are in place.

aaa authentication login default group tacacs+ local

aaa authentication login console group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

The issue is we have two TACACS servers configured. We want the request for auth to go to a particular server, but it's going to the alternate server. How can we change it? We have tried to change the server command order in the config, even though it's not working.

Try then to create server groups and not use the default one.

aaa new-model

aaa group server tacacs+ ABCGROUP <--- create server group.

server 10.x.x.x <- mention servers in this group in order.

server 10.y.y.y

!

aaa authentication login default group ABCGROUP line <--- use the default group as the group name you configured above.

!

tacacs-server host 10.x.x.x

tacacs-server host 10.y.y.y

tacacs-server key

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"
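
An added example, not part of the thread or of any poster's reply: a small Python check that reads IOS-style configuration and reports, for each login method list, the servers and fallback methods in the order the configuration lists them, so that `group tacacs+` (global `tacacs-server host` order) can be compared against a named server group. It assumes the sub-mode `server` lines are indented as in `show running-config` output; the function name and the sample addresses are constructed for illustration.

```python
import re

# Constructed sample modelled on the thread; addresses are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ ABCGROUP
 server 10.0.0.2
 server 10.0.0.1
!
aaa authentication login default group ABCGROUP local
aaa authentication login console group tacacs+ local
tacacs-server host 10.0.0.1
tacacs-server host 10.0.0.2
"""

def login_method_order(config):
    """Map each login method list to the servers/methods listed, in order."""
    global_hosts, groups, method_lists = [], {}, {}
    current = None  # server group whose sub-mode lines are being read
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1].isspace():  # indented line: belongs to the open sub-mode
            m = re.match(r"server (\S+)", line)
            if current and m:
                groups[current].append(m.group(1))
            continue
        current = None  # any top-level line ends the group sub-mode
        if m := re.match(r"tacacs-server host (\S+)", line):
            global_hosts.append(m.group(1))
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", line):
            current = m.group(1)
            groups[current] = []
        elif m := re.match(r"aaa authentication login (\S+) (.+)", line):
            method_lists[m.group(1)] = m.group(2).split()

    resolved = {}
    for name, tokens in method_lists.items():
        order, i = [], 0
        while i < len(tokens):
            if tokens[i] == "group" and i + 1 < len(tokens):
                grp = tokens[i + 1]
                # "group tacacs+" means every global host, in config order
                order += global_hosts if grp == "tacacs+" else groups.get(grp, [])
                i += 2
            else:
                order.append(tokens[i])  # local, line, enable, none ...
                i += 1
        resolved[name] = order
    return resolved
```

With the sample above, the `default` list resolves through ABCGROUP's own order while `console` still follows the global host order, which makes a method list that was left on `group tacacs+` easy to spot.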


Hi Amjad,

Thanks, let me carry out these steps.

Kamal:

Was your issue resolved by creating a server group?

Rating useful replies is more useful than saying "Thank you"


Hi Amjad,

The team is yet to carry out the changes. Will update you. Thanks a lot.

Hi Kamal,

No issues. I just wanted to check to make sure that your issue is resolved.

If you get any issue, please come back.

Greetings,

Amjad

Rating useful replies is more useful than saying "Thank you"
