Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1226
Views
0
Helpful
2
Replies

TACACS+ Issue : Please help

Go to solution
abhisar patil
Level 1
Level 1

‎08-12-2011 12:03 AM - edited ‎03-10-2019 06:18 PM

Dear All,

This is regarding Tacacs+. I have configured Tacacs+ on cisco switch, but it is taking local username and password

for authentication.

With below configuration on other switch, working fine with tacacs+ username and password, but not with

this switch.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authentication login no_login local

aaa accounting send stop-record authentication failure

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa session-id common

tacacs-server host 10.0.2.193 key 7 110A101614425A5E57

tacacs-server directed-request

username admin privilege 15 password ****

line vty 0 4

transport input ssh telnet

login authentication default

Also this switch is configured for intervlan routing, with following configuration and I have added 10.0.6.1 IP address in Cisco ACS.

interface Vlan5

ip address 10.0.0.1 255.255.255.0

!

interface Vlan20

ip address 10.0.2.1 255.255.255.0

ip helper-address 10.0.0.7

!

interface Vlan60

ip address 10.0.6.1 255.255.255.0

REFLXIS_PUNCORE#show tacacs

Tacacs+ Server            : 10.0.2.193/49

              Socket opens:         33

             Socket closes:         33

             Socket aborts:          0

             Socket errors:          0

           Socket Timeouts:          0

   Failed Connect Attempts:          0

        Total Packets Sent:         33

        Total Packets Recv:          0

So please help on the same.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
mavespig
Level 3
Level 3

‎08-12-2011 04:49 AM

Hello Abhisar,

the server IP address 10.0.2.193 is reachable via Vlan 20.

Therefore, the switch will try to establish the connection with the server using Vlan20's IP address, 10.0.2.1.

You can fix this in two ways:

1. change the configuration on Tacacs server to have an entry with 10.0.2.1 instead of 10.0.6.1.

or

2. change the configuration on the switch, adding "ip tacacs-server source-interface vlan 60"

Please rate the post if helpful

Marco

View solution in original post

0 Helpful
2 Replies 2

Go to solution
mavespig
Level 3
Level 3

‎08-12-2011 04:49 AM

Hello Abhisar,

the server IP address 10.0.2.193 is reachable via Vlan 20.

Therefore, the switch will try to establish the connection with the server using Vlan20's IP address, 10.0.2.1.

You can fix this in two ways:

1. change the configuration on Tacacs server to have an entry with 10.0.2.1 instead of 10.0.6.1.

or

2. change the configuration on the switch, adding "ip tacacs-server source-interface vlan 60"

Please rate the post if helpful

Marco

0 Helpful

Go to solution
abhisar patil
Level 1
Level 1
In response to mavespig

‎08-12-2011 05:13 AM

Thanks Marco for your help..

Its working now..:-) and also satisfied with your justification.

Abhisar.

0 Helpful
Customers Also Viewed These Support Documents
Top