cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

105
Views
0
Helpful
0
Replies
Highlighted
Beginner

Per VRF Tacacs+ - not working

I'm trying to configure per VRF tacacs+ on a 2901 running IOS 15.2(4)M2.

 

I have the following configured:

 

aaa new-model
!
!
aaa group server tacacs+ MYGROUP
 server-private 1.2.3.4 key cisco
 ip vrf forwarding vpn_nms
 ip tacacs source-interface Loopback100
!
aaa authentication login default local
aaa authentication login MYGROUP group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group MYGROUP if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip vrf forwarding
!
!
ip vrf vpn_nms
 rd 65XXX:3
!

interface Loopback100
 description NMS LOOPBACK
 ip vrf forwarding vpn_nms
 ip address 10.10.10.10 255.255.255.255

!

tacacs-server host 1.2.3.4
tacacs-server directed-request
tacacs-server key cisco

!

line con 0
 privilege level 15
 logging synchronous
 login authentication MYGROUP
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 login authentication MYGROUP
 length 0
 transport input all

 

I know some of this config is redundant but I have been trying different things and getting nowhere.

Everyone's tags (1)
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards