08-05-2020 10:11 AM
What is the proper way to configure the TACACS+ server config on a C9410R (SUP1) running 16.12.3a?
The config document says this format
tacacs server <NAME>
address ipv4 <IP ADDRESS>
key <KEY>
However, that's not an option on the switch. Below is the only option on the switch.
HOSTNAME(config)#tac?
tacacs-server
When I upgraded a 3650 using the old method to identify the TACACS server, I had to do Password Recovery to fix it. However, that seems to be the only option.
Configuration Document I am using.
08-06-2020 12:32 AM
- Check this document and or also have a look at the Configuation Examples :
M.
08-06-2020 12:44 AM
Hi,
try this:
aaa new-model
aaa authentication login default tacacs+ local
!
tacacs-server host 192.168.100.100 <your server IP>
tacacs-server key P0127gyu <key>
!
line vty 0 4
login authentication default
08-06-2020 07:57 AM
I can use that config, but the document I found states to use the new method, but it doesn't work.
What's interesting is that the new method works on the 9300 and the 3650's on 16.6.5 & 16.12.3a, but not on the 9400s running 16.12.3a.
Thank you
08-07-2020 02:14 AM
Hey!
Unfortunately I don't have any Catalyst 9400 to check ..
But I checked on 3850, 9200, 9300 and 9500.. New config style works everywhere.
Really strange that it doesn't work on 9400.
Guess you'll just have to use the old conifg style for TACACS+ config..
BR
Juls
08-07-2020 03:00 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide