03-02-2015 02:29 PM - edited 03-10-2019 10:30 PM
Hi All,
Thought I'd ask here before going to Cisco TAC.
I am the junior admin where I work and have been tasked with configuring TACACS on our devices. We have 5 1841 routers.
I added these commands to 3 of the routers but my AD creds didn't work.
______________________
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa authorization network default group tacacs+ local
aaa authorization configuration default group tacacs+
aaa session-id common
tacacs-server host 10.255.1.26
tacacs-server directed-request
tacacs-server key xxxxxxx
line vty 0 4
 login authentication default
line vty 5 15
 login authentication default
Would appreciate help with what I am missing, links to helpful pages, etc.
THANKS!!
03-02-2015 03:36 PM
Hi,
Check on the TACACS server for error messages about your logon failures.
Thanks
John
03-03-2015 09:05 AM
Didn't see any error messages for these routers in ACS, our TACACS server.
03-03-2015 03:49 PM
Hi,
On the ACS server you should see some errors about why authentication is failing. If you are not seeing any errors on the ACS server, then it means packets are not getting to the ACS from the routers. Check that the routers are configured for the correct ACS and that the routing between the routers and the ACS is correct.
Thanks
John
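The router-side checks suggested in the reply above, written out as IOS exec commands. This is an added example, not part of the original thread; the server address is the one from the posted configuration, and `<ad-username>` and `<password>` are placeholders.

```cisco
! 1. Confirm which TACACS+ server and key the router is actually using
show running-config | include tacacs

! 2. Confirm the router has a route to the ACS server and can reach it
show ip route 10.255.1.26
ping 10.255.1.26

! 3. Confirm TCP port 49 (TACACS+) is open end to end.
!    A refused or timed-out connection points at routing, an ACL or a firewall.
telnet 10.255.1.26 49

! 4. Look at the per-server counters. If connection attempts fail or no
!    packets are received, the requests are not reaching ACS, which matches
!    an ACS log with no entries for these routers.
show tacacs

! 5. Send a single test authentication and watch the exchange.
!    Run this from the console so a broken AAA setup does not cut off the session.
debug tacacs
debug aaa authentication
test aaa group tacacs+ <ad-username> <password> legacy

! 6. Turn debugging off when finished
undebug all
```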