Configuration

1291047
Level 1

I am doing a lab and I want to know why, on the Rprueba router, when I try to log in I can only see the password and cannot enter the user. I attach the configuration of the routers.

CONFIGURATION OF RMEDIA

hostname RMEDIA
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
no ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
ip address 10.37.10.101 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
no ip address
negotiation auto
!
interface GigabitEthernet1/0.1
encapsulation dot1Q 501
ip address 10.88.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet1/0.2
encapsulation dot1Q 778
ip address 10.91.2.1 255.255.255.0
!
interface GigabitEthernet1/0.3
encapsulation dot1Q 790
ip address 10.92.3.1 255.255.255.0
!
interface GigabitEthernet1/0.4
encapsulation dot1Q 800
ip address 10.93.4.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list NO_NAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.37.10.1
ip route 10.88.1.0 255.255.255.0 10.88.1.145
ip route 10.90.98.0 255.255.255.0 10.91.2.146
ip route 10.90.99.0 255.255.255.0 10.92.3.147
ip route 10.90.100.0 255.255.255.0 10.93.4.148
ip route 192.168.20.0 255.255.255.0 10.91.2.146
!
ip access-list extended NO_NAT
permit ip 10.37.10.0 0.0.0.255 10.88.1.0 0.0.0.255
!
access-list 1 permit 10.88.1.0 0.0.0.255
access-list 101 permit tcp any host 10.37.10.9 eq tacacs
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input none
!
!
end

-------------------------------

CONFIGURATION OF RBACKUP

hostname RBACKUP
!
boot-start-marker
boot-end-marker
!
!
logging buffered 9000
enable secret 9 $9$TojNA.HR9KgNuU$Ys2r9H3zrJgVt7UloEuQeKDXalGtW3abjWCcLeTIIdk
!
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa accounting network default
action-type start-stop
group tacacs+
!
aaa accounting connection default
action-type start-stop
group tacacs+
!
!
!
!
!
!
aaa session-id common
clock timezone GMT -5 0
no ip icmp rate-limit unreachable
!
!
!
ip vrf RPV_1
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip vrf RPV_2
rd 2:2
route-target export 2:2
route-target import 2:2
!
!
ip dhcp pool LAN_POOL
network 192.168.55.0 255.255.255.0
default-router 192.168.55.1
dns-server 8.8.8.8 1.1.1.1
lease 7
!
!
!
no ip domain lookup
ip name-server 200.62.191.11
ip name-server 200.24.191.11
ip name-server 200.62.191.12
ip name-server 200.24.191.12
ip cef
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
description Interface WAN BEMBOS SAC - SEDE CENTRAL CERRO COLORADO
no ip address
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet0/0.1
encapsulation dot1Q 501
ip address 10.88.1.145 255.255.255.0
!
interface GigabitEthernet0/0.2
encapsulation dot1Q 778
ip vrf forwarding RPV_1
ip address 10.91.2.146 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet1/0
description RED_LAN
ip address 192.168.55.1 255.255.255.0
shutdown
negotiation auto
!
interface GigabitEthernet2/0
ip vrf forwarding RPV_1
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
negotiation auto
!
interface GigabitEthernet3/0
ip vrf forwarding RPV_2
ip address 192.168.30.1 255.255.255.0
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
!
router eigrp 100
!
address-family ipv4 vrf RPV_1 autonomous-system 1
network 192.168.20.0
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0.2 overload
ip route 0.0.0.0 0.0.0.0 10.37.10.101
ip route 0.0.0.0 0.0.0.0 10.88.1.1
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.37.10.101
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.91.2.1
ip route vrf RPV_1 10.37.10.9 255.255.255.255 10.91.2.1
!
access-list 1 permit 10.91.2.0 0.0.0.255
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 101 permit tcp any host 10.37.10.9 eq tacacs
no cdp log mismatch duplex
!
!
tacacs-server host 10.37.10.9
tacacs-server key CLARO&blitz
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
transport input all
!
!
end

-----------------------
CONFIGURATION OF Rprueba
hostname rRPV_BEMBOS_REALPLAZA
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000 informational
enable secret 9 $9$ajoqXaULehAfCk$W1WEKHn.lCDsrckiB13ge1jUSMc7LKgVwFFopp8b/O.
!
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type start-stop
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!
aaa accounting network default
action-type start-stop
group tacacs+
!
aaa accounting connection default
action-type start-stop
group tacacs+
!
!
!
!
!
!
aaa session-id common
clock timezone UTC -5 0
no ip icmp rate-limit unreachable
!
!
!
ip vrf RPV_1
rd 1:1
route-target export 1:1
route-target import 1:1
!
ip dhcp excluded-address 192.168.22.10
!
ip dhcp pool LAN_POOL
network 192.168.22.0 255.255.255.0
default-router 192.168.22.1
dns-server 8.8.8.8 8.8.4.4
lease 7
!
!
!
no ip domain lookup
ip domain name ejemplo.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
ip ssh version 2
!
class-map match-any qos2
match ip dscp cs2
!
policy-map wan
class qos2
bandwidth 2560
police 2560000 480000 960000 conform-action transmit exceed-action set-dscp-transmit cs1
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
shutdown
!
interface Loopback1
ip vrf forwarding RPV_1
ip address 10.37.10.2 255.255.255.255
!
interface Loopback30
ip address 10.99.165.208 255.255.255.0
!
interface Ethernet0/0
no ip address
shutdown
duplex auto
!
interface GigabitEthernet0/0
description WAN RPV - CID 21746992 BEMBOS SAC - SEDE REAL PLAZA AREQUIPA
ip vrf forwarding RPV_1
ip address 192.168.20.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
duplex full
speed 1000
media-type gbic
negotiation auto
!
interface GigabitEthernet1/0
description RED_LAN
ip address 192.168.22.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
negotiation auto
!
interface GigabitEthernet2/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet3/0
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet4/0
no ip address
shutdown
negotiation auto
!
!
router eigrp 100
!
address-family ipv4 vrf RPV_1 autonomous-system 1
network 192.168.20.0
distribute-list route-map FILTRO_EIGRP out
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.91.2.146
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.91.2.1
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.37.10.101
ip route vrf RPV_1 10.37.10.9 255.255.255.255 192.168.20.1
!
!
ip prefix-list REDES_EIGRP seq 5 permit 192.168.22.0/24
ip prefix-list REDES_EIGRP seq 10 permit 192.168.20.0/24
ip prefix-list REDES_EIGRP seq 15 permit 10.37.10.0/24
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 101 permit tcp any host 10.37.10.9 eq tacacs
access-list 101 permit tcp host 192.168.20.2 host 10.37.10.9 eq tacacs
no cdp log mismatch duplex
!
route-map FILTRO_EIGRP permit 10
match ip address prefix-list REDES_EIGRP
!
snmp-server community mra RO
snmp-server trap-source Loopback30
snmp-server enable traps entity-sensor threshold
snmp-server enable traps entity
snmp-server host 192.168.57.98 version 2c mra
!
tacacs-server host 10.37.10.9 key CLARO&blitz
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
transport input ssh
!
!
end

-------------------------------

From the router Rprueba I can connect with SSH to the TACACS server, but when I want to connect with SSH to this same router to confirm that it is working and that the TACACS server is authorizing and authenticating, I always have to enter the local password and not the password that is on the TACACS server.

1 Reply

@1291047 

Probably the router is not communicating with the TACACS server.

As per the TACACS server IP address, the router should send the traffic through interface loopback1, which is using VRF.

ip tacacs source-interface loopback1 vrf RPV_1
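
An added example (not part of the original thread and not Cisco code): a small Python audit that reads a flat IOS configuration like the ones posted above and flags a TACACS+ server that has a route only inside a VRF while no `ip tacacs source-interface ... vrf` line sources the client from that VRF. The function name `audit_tacacs_vrf`, the trimmed Rprueba excerpt and the placeholder key are assumptions for illustration, and only static and connected routes are considered.

```python
import ipaddress
import re

# Constructed excerpt: only the Rprueba lines that matter here, key replaced.
RPRUEBA = """\
interface Loopback1
ip vrf forwarding RPV_1
ip address 10.37.10.2 255.255.255.255
!
interface GigabitEthernet1/0
ip address 192.168.22.1 255.255.255.0
!
ip route vrf RPV_1 0.0.0.0 0.0.0.0 10.91.2.146
ip route vrf RPV_1 10.37.10.9 255.255.255.255 192.168.20.1
!
tacacs-server host 10.37.10.9 key <placeholder>
"""
REPLY_FIX = "ip tacacs source-interface loopback1 vrf RPV_1\n"  # from the reply

def audit_tacacs_vrf(config):
    """Return one finding per TACACS+ server whose routes live in a table
    (VRF, or None for global) that the TACACS+ client is not sourced from."""
    tables = {}                       # table name -> networks reachable in it
    servers, src_vrf = [], None
    in_iface, iface_vrf = False, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            in_iface, iface_vrf = True, None
        elif line == "!":             # "!" closes the interface stanza
            in_iface = False
        elif in_iface and (m := re.match(r"ip vrf forwarding (\S+)", line)):
            iface_vrf = m.group(1)
        elif in_iface and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            tables.setdefault(iface_vrf, []).append(net)
        elif m := re.match(r"ip route (?:vrf (\S+) )?(\S+) (\S+) \S+", line):
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            tables.setdefault(m.group(1), []).append(net)
        elif m := re.match(r"tacacs-server host (\S+)", line):
            servers.append(ipaddress.ip_address(m.group(1)))
        elif m := re.match(r"ip tacacs source-interface \S+(?: vrf (\S+))?", line):
            src_vrf = m.group(1)
    findings = []
    for srv in servers:
        reach = {t for t, nets in tables.items() if any(srv in n for n in nets)}
        if src_vrf not in reach:
            findings.append(f"{srv}: route found in {sorted(map(str, reach))} "
                            f"but TACACS+ client uses {src_vrf or 'the global table'}")
    return findings
```

When the server cannot be reached, `aaa authentication login default group tacacs+ enable` falls through to the enable secret, which is consistent with a login that asks only for a password.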