09-05-2016 02:55 PM
Good Day All,
I have configured TACACS+ & AAA configuration on my Nexus but it is not working. Can anyone advise with an expert opinion? Below are the configs done:
AAA Configurations
===============
HQ-N7K-2# sh running-config aaa
aaa authentication login default group PACI-TACACS
aaa authentication login console local
aaa authorization config-commands default group PACI-TACACS local
aaa authorization commands default group PACI-TACACS local
aaa accounting default group PACI-TACACS
no aaa user default-role
tacacs-server directed-request
TACACS+ Configurations
====================
HQ-N7K-2# sh running-config tacacs+
feature tacacs+
tacacs+ distribute
ip tacacs source-interface mgmt0
tacacs-server host 172.10.1.100 key 7 "paci@XXX"
tacacs+ commit
aaa group server tacacs+ PACI-TACACS
    server 172.10.1.100
    use-vrf management
    source-interface mgmt0
Connectivity towards ACS Server
=========================
HQ-N7K-2# ping 172.10.1.100 source 172.17.1.114 vrf management
PING 172.17.1.100 (172.17.1.100) from 172.17.1.114: 56 data bytes
64 bytes from 172.10.1.100: icmp_seq=0 ttl=63 time=1.258 ms
64 bytes from 172.10.1.100: icmp_seq=1 ttl=63 time=1.154 ms
64 bytes from 172.10.1.100: icmp_seq=2 ttl=63 time=1.186 ms
64 bytes from 172.10.1.100: icmp_seq=3 ttl=63 time=1.349 ms
64 bytes from 172.10.1.100: icmp_seq=4 ttl=63 time=1.226 ms
Port (49) testing towards ACS
=======================
HQ-N7K-2# telnet 172.10.1.100 49 source 172.17.1.114 vrf management
Trying 172.10.1.100...
Connected to 172.10.1.100.
Escape character is '^]'.
Connection closed by foreign host.
But on testing I am getting this:
HQ-N7K-2# test aaa group PACI-TACACS aashfaque 12345698
error authenticating to server, status=7
Please advise if you see any issue in the configs.
Regards,
12-10-2018 10:36 AM