UNABLE TO ACCESS SWITCH USING AAA CREDENTIALS

Hello All, I configured AAA on a c9300-48P, but I can't seem to log in to the switch using the AAA credentials.

 

Find the configuration below:

SW#sh run aaa
!
aaa authentication login AAA group tacacs+ local
aaa authorization exec AAA group tacacs+ local
aaa accounting commands 15 AAA start-stop group tacacs+
!
!
!
!
!
!
tacacs server ACS1
 address ipv4 x.x.x.x
 key ######
tacacs server ACS2
 address ipv4 x.x.x.x
 key ######
!
aaa new-model
aaa session-id common
!
!!!!!!

 

Kindly assist 

 

1 Accepted Solution

ip tacacs source-interface interface-name [vrf vrf-name]

This only selects the source of packets from your SW to the AAA server.

13 Replies

MHM Cisco World
Advisor

We also need the config of line vty.
Please share it here.

Hello there,

This is the line vty output:

line vty 0 4
 authorization exec AAA
 accounting commands 15 AAA
 login authentication AAA
 transport input ssh
 transport output ssh
line vty 5 98
 authorization exec AAA
 accounting commands 15 AAA
 login authentication AAA
 transport input ssh
 transport output ssh

 

The line vty looks correct. What do you see on the TACACS+ server? Any errors? Have you also run some commands to test the comms from switch to TACACS+ server etc.?

show tacacs
ping <ip_of_tacacs_servers>
debug tacacs authentication
debug tacacs authorization
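
An added example, not part of any reply in this thread: a small Python check over the config posted above that confirms every method list named on the vty lines is defined globally and flags the missing `ip tacacs source-interface` that the accepted solution points to. The names `CONFIG`, `PAIRS` and `audit` are assumptions made for this sketch, and the config text is assembled from the poster's two snippets with the addresses and keys still masked.

```python
import re

# Assembled from the snippets posted in this thread (values masked as posted).
CONFIG = """\
aaa new-model
aaa authentication login AAA group tacacs+ local
aaa authorization exec AAA group tacacs+ local
aaa accounting commands 15 AAA start-stop group tacacs+
tacacs server ACS1
 address ipv4 x.x.x.x
 key ######
line vty 0 4
 authorization exec AAA
 accounting commands 15 AAA
 login authentication AAA
 transport input ssh
"""

# For each service: (regex for the global definition, regex for the line reference)
PAIRS = {
    "login authentication": (r"^aaa authentication login (\S+) ", r"^ login authentication (\S+)"),
    "authorization exec": (r"^aaa authorization exec (\S+) ", r"^ authorization exec (\S+)"),
    "accounting commands 15": (r"^aaa accounting commands 15 (\S+) ", r"^ accounting commands 15 (\S+)"),
}

def audit(config: str) -> list[str]:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not re.search(r"^aaa new-model$", config, re.M):
        findings.append("aaa new-model is missing")
    for what, (defined_re, used_re) in PAIRS.items():
        defined = set(re.findall(defined_re, config, re.M))
        used = set(re.findall(used_re, config, re.M))
        for name in sorted(used - defined - {"default"}):
            findings.append(f"{what}: list '{name}' is used on a line but never defined")
    if "group tacacs+" in config:
        if not re.search(r"^tacacs server \S+", config, re.M):
            findings.append("group tacacs+ is referenced but no tacacs server is defined")
        # Without this command the source address is that of the egress interface,
        # which may not be the address the TACACS+ server has registered for the switch.
        if not re.search(r"^ip tacacs source-interface \S+", config, re.M):
            findings.append("no ip tacacs source-interface is configured")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG) or ["nothing flagged"]:
        print(finding)
```

On the posted config the method lists all resolve, which matches the "line vty looks correct" assessment, and the only finding is the missing source interface.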

 

Hello Arne, 

 

Yes, I can ping the tacacs server from the switch.

 

I've attached the debug authentication output. 

I can't seem to make anything out of it.

Kindly assist.