2532 Views, 0 Helpful, 4 Replies

CAT OS and TACACS+

Danilo Dy
VIP Alumni

We made a mistake configuring our CAT OS with TACACS+.

After applying the configuration, when we tried to log in to the switch:

- It asks for a username

- It asks for a password

- Login successful

- Then it shows a privilege error message

- When we go to "enable", it replies with a privilege error message

How can we revert the config, or how can we log in to the switch authenticating against the local database? We did put in the TACACS+ configuration that if TACACS+ fails, it should authenticate using the local database.

4 Replies

Namol
Level 1

There are a number of places where this can go wrong. First of all, check for these lines:

set authentication login tacacs enable console primary

set authentication login tacacs enable telnet primary

set authentication enable tacacs enable telnet primary

set authorization exec enable tacacs+ if-authenticated telnet

set authorization enable enable tacacs+ if-authenticated telnet

Also, make sure you manually set your user account in ACS so that you have Level 15 access to all TACACS+ devices, and use the password you define there when prompted to go into enable mode.

Finally, if you can't get it to work, simply delete the entry for the device in ACS; that will force the switch to use local authentication, since the ACS server will not respond to its requests.
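The lines Namol lists are TACACS+-only: nothing in them enables the local method, so there is no fallback for a reject or a privilege error, only for a server that does not answer at all. The small checker below is an added example, not code from any poster in this thread; it parses CatOS `set authentication` lines (the `{login|enable} {tacacs|local} {enable|disable} [console|telnet] [primary]` shape seen above) and reports every mode/access pair that has TACACS+ enabled without a local method enabled. The two sample configurations are constructed for the example; the `set authorization` lines are deliberately ignored, since they do not affect which authentication methods are tried.

```python
"""Check a CatOS authentication config for a local fallback method.

Added example for this thread, not from any of the posters. Assumes the
CatOS command shape shown in Namol's reply:
  set authentication {login|enable} {tacacs|local|radius|kerberos}
                     {enable|disable} [console|telnet] [primary]
A line with no console/telnet keyword is assumed to apply to both.
"""
import re

# Constructed sample: the TACACS+-only lines quoted above. No 'local' method is
# enabled, so a TACACS+ reject or privilege error leaves no way in.
SAMPLE_NO_FALLBACK = """
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication enable tacacs enable telnet primary
set authorization exec enable tacacs+ if-authenticated telnet
set authorization enable enable tacacs+ if-authenticated telnet
"""

# Constructed sample: the same lines plus an explicit local method for both
# login and enable on console and telnet.
SAMPLE_WITH_FALLBACK = SAMPLE_NO_FALLBACK + """
set authentication login local enable console
set authentication login local enable telnet
set authentication enable local enable console
set authentication enable local enable telnet
"""

AUTH_RE = re.compile(
    r"^set authentication (login|enable) (tacacs|local|radius|kerberos) "
    r"(enable|disable)(?: (console|telnet))?(?: (primary))?$"
)


def parse_auth(config):
    """Return {(mode, access): {method: {'enabled': bool, 'primary': bool}}}.

    Later lines override earlier ones for the same mode/access/method, which
    mirrors how a running config is built up line by line.
    """
    state = {}
    for raw in config.splitlines():
        m = AUTH_RE.match(raw.strip())
        if not m:
            continue  # not an authentication line (e.g. set authorization ...)
        mode, method, onoff, access, primary = m.groups()
        accesses = [access] if access else ["console", "telnet"]  # assumption
        for a in accesses:
            entry = state.setdefault((mode, a), {}).setdefault(
                method, {"enabled": False, "primary": False}
            )
            entry["enabled"] = onoff == "enable"
            if primary:
                entry["primary"] = True
    return state


def missing_local_fallback(config):
    """List (mode, access) pairs with TACACS+ enabled but no local method."""
    problems = []
    for (mode, access), methods in sorted(parse_auth(config).items()):
        tacacs_on = methods.get("tacacs", {}).get("enabled", False)
        local_on = methods.get("local", {}).get("enabled", False)
        if tacacs_on and not local_on:
            problems.append((mode, access))
    return problems


if __name__ == "__main__":
    for name, cfg in (("no fallback", SAMPLE_NO_FALLBACK),
                      ("with fallback", SAMPLE_WITH_FALLBACK)):
        gaps = missing_local_fallback(cfg)
        print(f"{name}: {'OK' if not gaps else 'no local fallback for ' + str(gaps)}")
```

Run it against a saved `show config` before pushing a TACACS+ change; a non-empty result means the only remaining "fallback" is the unreachable-server case Namol describes, which is exactly the situation the original poster ended up in.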

ozlemduran
Level 1

Hi Danilo,

Have you solved your problem?

Not yet, we are busy configuring 200+ IOS devices. But we will do it this week. We are planning to cut the network communication between the CAT OS and the TACACS+ server (by ACL or firewall rule), since we can't shut down either the server or the switch (they have to be in production 24x7). We tried stopping the TACACS+ service; it doesn't help. But we have tested from an IOS switch that by cutting the network communication between the TACACS+ server and the IOS switch, we are able to authenticate using the local database :)

I am now looking for PIX Firewall TACACS+ authentication configuration. Whew, we have experience with MS AD and RADIUS, but this is the first time we work with TACACS+ and RSA/ACE :)

Lukeoman's recommendation will not work at this time, since we can't log in to the switch anymore. We need to log in first before we can do what he recommended, and login is our problem.

We solved it!

Now we have successfully configured TACACS+ and RSA/ACE on Cisco routers (IOS) and Cisco switches (IOS/CATOS) on over 200 devices!

Now we are working on the PIX FW.
