raza555
Beginner

TACACS WITH VRF

Hi,

Please review my TACACS, it's working successfully with vrf.

1) Please advise whether the groups I created are correct or whether they can be better configured.

2) I am getting the message "Line timeout expired" 2 minutes after a successful AAA authentication, and the switch disconnects while I am configuring the switch. I have used the line vty 'exec 20 0' but that doesn't make any difference. I am using ACS V5.

Thanks.

aaa new-model

aaa authentication login COMPANY-TACACS group COMPANY-TACACS group tacacs+ local enable
aaa authentication enable default group COMPANY-TACACS group tacacs+ enable
aaa authentication attempts login 6
!
aaa authorization exec default group COMPANY-TACACS group tacacs+ if-authenticated 
aaa authorization commands 15 default group COMPANY-TACACS group tacacs+ none 
aaa authorization config-commands
!
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
username admin privilege 15 password ABC
!
!
!
tacacs server COMPANY-ACS
 address ipv4 10.10.10.10
 key ABC
!
!
aaa group server tacacs+ COMPANY-TACACS
 server name COMPANY-ACS
 ip vrf forwarding MGMT_vrf
 ip tacacs source-interface Vlan10
!
!
 

line vty 0 4
 login authentication COMPANY-TACACS
 transport input ssh

2 REPLIES
Richard Bradfield
Frequent Contributor

Hi,

Please see the link below; the config is a bit different, so I don't know if it applies in your case.

 

http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/113666-tg-ios-per-vrf-00.html

HTH

Richard

saurabh_gera
Beginner

Please find below the correct configuration:

aaa new-model

aaa authentication login default group COMPANY-TACACS group tacacs+ local
aaa authentication attempts login 6
!
aaa authorization exec default group COMPANY-TACACS if-authenticated 
aaa authorization commands 15 default group COMPANY-TACACS none 
aaa authorization config-commands
!
aaa accounting exec default start-stop group COMPANY-TACACS 

aaa accounting delay-start vrf MGMT_vrf
aaa accounting commands 15 default start-stop group COMPANY-TACACS 
!
username admin privilege 15 password ABC
!
!
!
tacacs server COMPANY-ACS
 address ipv4 10.10.10.10
 key ABC
!
!
aaa group server tacacs+ COMPANY-TACACS
 server name COMPANY-ACS
 ip vrf forwarding MGMT_vrf
 ip tacacs source-interface Vlan10
!
!
 

line vty 0 4
 login authentication COMPANY-TACACS
 transport input ssh

Please rate if you like the answer. If not, please go ahead and share the error/issue.
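Added example (not code from either poster): a small consistency check for per-VRF TACACS+ configurations like the ones in this thread, which verifies that every method list, server group and server referenced is actually defined. It also flags method lists that name the built-in `group tacacs+` beside a VRF-bound group, on the assumption that the `ip vrf forwarding` setting applies only to the named group; `audit_aaa` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: AAA-relevant lines taken from the reply's configuration.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group COMPANY-TACACS group tacacs+ local
aaa authorization exec default group COMPANY-TACACS if-authenticated
aaa accounting exec default start-stop group COMPANY-TACACS
tacacs server COMPANY-ACS
 address ipv4 10.10.10.10
aaa group server tacacs+ COMPANY-TACACS
 server name COMPANY-ACS
 ip vrf forwarding MGMT_vrf
line vty 0 4
 login authentication COMPANY-TACACS
"""

def audit_aaa(config):
    """Return a list of consistency findings for an IOS-style AAA config."""
    raw_lines = [l.rstrip() for l in config.splitlines() if l.strip(" !")]
    login_lists, groups, servers, vrf_groups = set(), set(), set(), set()
    current_group = None
    # Pass 1: collect what the configuration defines.
    for raw in raw_lines:
        l = raw.strip()
        if not raw.startswith(" "):
            current_group = None  # a top-level line ends any group block
        if m := re.match(r"aaa authentication login (\S+)", l):
            login_lists.add(m.group(1))
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", l):
            current_group = m.group(1)
            groups.add(current_group)
        elif m := re.match(r"tacacs server (\S+)", l):
            servers.add(m.group(1))
        elif l.startswith("ip vrf forwarding") and current_group:
            vrf_groups.add(current_group)
    # Pass 2: check every reference against those definitions.
    findings = []
    for l in (raw.strip() for raw in raw_lines):
        if m := re.match(r"login authentication (\S+)", l):
            if m.group(1) not in login_lists:
                findings.append(f"undefined login method list: {m.group(1)}")
        elif m := re.match(r"server name (\S+)", l):
            if m.group(1) not in servers:
                findings.append(f"undefined tacacs server: {m.group(1)}")
        elif re.match(r"aaa (authentication|authorization|accounting) ", l):
            for g in re.findall(r"\bgroup (\S+)", l):
                if g == "tacacs+" and vrf_groups:
                    findings.append(f"built-in group tacacs+ beside VRF group: {l}")
                elif g not in groups and g != "tacacs+":
                    findings.append(f"undefined server group: {g}")
    return findings
```

On the constructed sample, `audit_aaa(SAMPLE_CONFIG)` reports the `line vty` reference to a login list named `COMPANY-TACACS` that no `aaa authentication login` statement defines, plus the remaining `group tacacs+` entry.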
