10-02-2015 12:50 PM - edited 03-10-2019 11:07 PM
Hi,
Please review my TACACS; it's working successfully with VRF.
1) Please advise whether the groups created are correct or whether they can be better configured.
2) I am getting the message "Line timeout expired" 2 minutes after successful AAA authentication, and the switch disconnects while I am configuring it. I have used the line vty 'exec 20 0', but that doesn't make any difference. I am using ACS V5.
Thanks.
aaa new-model
aaa authentication login COMPANY-TACACS group COMPANY-TACACS group tacacs+ local enable
aaa authentication enable default group COMPANY-TACACS group tacacs+ enable
aaa authentication attempts login 6
!
aaa authorization exec default group COMPANY-TACACS group tacacs+ if-authenticated
aaa authorization commands 15 default group COMPANY-TACACS group tacacs+ none
aaa authorization config-commands
!
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
username admin privilege 15 password ABC
!
!
!
tacacs server COMPANY-ACS
 address ipv4 10.10.10.10
 key ABC
!
!
aaa group server tacacs+ COMPANY-TACACS
 server name COMPANY-ACS
 ip vrf forwarding MGMT_vrf
 ip tacacs source-interface Vlan10
!
!
line vty 0 4
 login authentication COMPANY-TACACS
 transport input ssh
10-04-2015 11:09 PM
Hi,
Please see the link below. The config is a bit different, so I don't know if it applies in your case.
http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/113666-tg-ios-per-vrf-00.html
HTH
Richard
11-23-2015 12:28 PM
Please find below the correct configuration:
aaa new-model
aaa authentication login default group COMPANY-TACACS group tacacs+ local
aaa authentication attempts login 6
!
aaa authorization exec default group COMPANY-TACACS if-authenticated
aaa authorization commands 15 default group COMPANY-TACACS none
aaa authorization config-commands
!
aaa accounting exec default start-stop group COMPANY-TACACS
aaa accounting delay-start vrf MGMT_vrf
aaa accounting commands 15 default start-stop group COMPANY-TACACS
!
username admin privilege 15 password ABC
!
!
!
tacacs server COMPANY-ACS
 address ipv4 10.10.10.10
 key ABC
!
!
aaa group server tacacs+ COMPANY-TACACS
 server name COMPANY-ACS
 ip vrf forwarding MGMT_vrf
 ip tacacs source-interface Vlan10
!
!
line vty 0 4
 login authentication COMPANY-TACACS
 transport input ssh
Please rate if you like the answer. If not, please go ahead and share the error/issue.
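A consistency check that can be run over configs like the two posted in this thread, as an added example that is not from either poster: the hypothetical `lint_aaa` helper reports a `login authentication` list with no matching `aaa authentication login` definition, a method list that names an undefined server group, and a group member with no `tacacs server` entry. The `LAB-*` sample config is constructed for the example.

```python
import re

BUILTIN_GROUPS = {"tacacs+", "radius"}  # server groups IOS provides itself

def lint_aaa(config):
    """Cross-check AAA method lists, server groups and line references."""
    login_lists, servers, used_groups = set(), set(), set()
    groups, line_refs, group, line = {}, [], None, None
    for raw in config.splitlines():
        cmd = raw.strip()
        if cmd in ("", "!"):
            group = None                      # "!" closes a server-group block
        elif m := re.match(r"aaa group server tacacs\+ (\S+)", cmd):
            group = m.group(1)
            groups[group] = []                # group name -> member servers
        elif group and (m := re.match(r"server name (\S+)", cmd)):
            groups[group].append(m.group(1))
        elif m := re.match(r"tacacs server (\S+)", cmd):
            servers.add(m.group(1))
        elif cmd.startswith("aaa "):
            used_groups.update(re.findall(r"\bgroup (\S+)", cmd))
            if m := re.match(r"aaa authentication login (\S+)", cmd):
                login_lists.add(m.group(1))
        elif cmd.startswith("line "):
            line = cmd                        # remember which line we are under
        elif m := re.match(r"login authentication (\S+)", cmd):
            line_refs.append((line, m.group(1)))
    findings = []
    for where, name in line_refs:
        if name != "default" and name not in login_lists:
            findings.append(f"{where}: login list {name} is not defined")
    for name in sorted(used_groups - BUILTIN_GROUPS - set(groups)):
        findings.append(f"method list uses undefined server group {name}")
    for name, members in groups.items():
        findings += [f"group {name}: server {srv} is not defined"
                     for srv in members if srv not in servers]
    return findings

# Constructed sample config (not taken from the thread), with three mismatches.
SAMPLE = """\
aaa authentication login default group LAB-TACACS local
aaa authorization exec default group LAB-TAC if-authenticated
tacacs server LAB-ACS
aaa group server tacacs+ LAB-TACACS
 server name LAB-ACS
 server name LAB-ACS2
!
line vty 0 4
 login authentication LAB-VTY
"""
FINDINGS = lint_aaa(SAMPLE)
```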