TACACS config- unable to login

madhumohanv9312
Level 1

Hi,

Can anyone help me out? I configured TACACS on one switch and tested it in that session as:

test aaa group TACACS1 <User ID> <RSA Key> legacy

It said the user was successfully authenticated, and then I did a write command on the switch; after that I lost access.

What exactly do I need to do now?


luismorales31
Level 1

Hello,

With the "test aaa" command you are validating that client/server communication is working correctly for the defined AAA server group, but it does not validate that the AAA config used for VTY/console authentication is correct.

Can you share the aaa config you applied on the switch, to see where the problem might be?


Hi Luis,

Thanks for the reply.

Tacacs Config:

aaa new-model
aaa authentication login default group Group1 line
aaa authentication login console local
aaa authentication login Radic local
aaa authentication login no_tacacs line
aaa authentication enable default group Group1 enable
aaa authentication ppp default if-needed group Group1
aaa authorization exec default group Group1 if-authenticated
aaa authorization exec no_tacacs none
aaa authorization commands 1 default group Group1 if-authenticated
aaa authorization commands 15 default group Group1 if-authenticated
aaa authorization network default group Group1 if-authenticated
aaa group server tacacs+ Group1
 server-private <IP> key 0 <KEY>
 server-private <IP> key 0 <KEY>
ip tacacs source-interface <vlan29>

Can you also share the VTY/console line config?

Are you trying to connect via telnet/ssh or console, and what is the error presenting? Is it prompting for a username/password and is saying that the authentication failed?

Regards,

Luis
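The lockout in this thread is the classic one: "test aaa" proves the switch can talk to the server group, but the VTY lines still use whatever login method list they are bound to, and that list decides what happens when the TACACS+ group cannot answer. The following pre-change check is an added example, not code posted by anyone in this thread: it parses an IOS-style running config, works out which login method list each line actually uses, and reports lines that have no way to authenticate when the server group returns an error. Both sample configs are constructed: the first reuses the method lists posted above with an assumed `line vty 0 4` stanza that carries no line password, the second is a hardened variant with a local fallback. IP addresses, keys, usernames and hashes are placeholders. One caveat the check encodes: IOS moves on to the next method only when a server group returns an error (unreachable, timeout); an explicit reject ends the attempt, so a local fallback does not rescue you from wrong credentials, only from an unreachable or unusable server.

```python
"""Lockout-risk audit for Cisco IOS AAA login method lists (added example).

Assumed IOS behaviour: a line with no 'login authentication' uses the
'default' list; under 'aaa new-model' with no default list defined, login
uses 'local'; fallback to the next method happens only on server ERROR.
"""
import re

# Methods that can succeed without reaching any AAA server.
OFFLINE_METHODS = {"local", "local-case", "line", "enable", "none"}

# Constructed sample: the thread's method lists plus an assumed VTY stanza
# that has no line password. Addresses, key and hash are placeholders.
RISKY_CONFIG = """\
aaa new-model
username netadmin privilege 15 secret 5 $1$PLACEHOLDER
aaa authentication login default group Group1 line
aaa authentication login console local
aaa group server tacacs+ Group1
 server-private 192.0.2.10 key 0 PLACEHOLDERKEY
ip tacacs source-interface Vlan29
line con 0
 login authentication console
line vty 0 4
 transport input ssh
"""

# Constructed hardened variant: named lists, local fallback on the VTYs.
HARDENED_CONFIG = """\
aaa new-model
username netadmin privilege 15 secret 5 $1$PLACEHOLDER
aaa authentication login VTY group Group1 local
aaa authentication login CON local
aaa group server tacacs+ Group1
 server-private 192.0.2.10 key 0 PLACEHOLDERKEY
line con 0
 login authentication CON
line vty 0 4
 login authentication VTY
 transport input ssh
"""


def parse_method_lists(config):
    """Map 'aaa authentication login <name> ...' to its ordered methods;
    'group <name>' is kept as one token."""
    lists = {}
    for raw in config.splitlines():
        m = re.match(r"^aaa authentication login (\S+) (.+)$", raw.strip())
        if not m:
            continue
        toks, methods, i = m.group(2).split(), [], 0
        while i < len(toks):
            if toks[i] == "group" and i + 1 < len(toks):
                methods.append("group " + toks[i + 1])
                i += 2
            else:
                methods.append(toks[i])
                i += 1
        lists[m.group(1)] = methods
    return lists


def parse_line_stanzas(config):
    """Map each top-level 'line ...' stanza to its indented sub-commands."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any other top-level command ends the stanza
    return stanzas


def effective_login_list(cmds, lists):
    """Return (list name, methods) the line uses; None if the list is undefined."""
    name = "default"
    for cmd in cmds:
        m = re.match(r"^login authentication (\S+)$", cmd)
        if m:
            name = m.group(1)
    if name in lists:
        return name, lists[name]
    return name, (["local"] if name == "default" else None)  # assumed IOS default


def audit_lockout(config):
    """Findings for lines that cannot log in when the server group errors out."""
    lists = parse_method_lists(config)
    has_user = re.search(r"^username \S+ .*\b(secret|password)\b", config, re.M)
    findings = []
    for line_name, cmds in parse_line_stanzas(config).items():
        name, methods = effective_login_list(cmds, lists)
        if methods is None:
            findings.append(f"{line_name}: login list '{name}' is not defined")
            continue
        offline = [m for m in methods if m in OFFLINE_METHODS]
        tag = f"{line_name}: list '{name}' {methods}"
        if not offline:
            findings.append(f"{tag} has no offline fallback; a server error locks you out")
        if "line" in offline and not any(c.startswith("password ") for c in cmds):
            findings.append(f"{tag} falls back to 'line' but the line has no password")
        if ("local" in offline or "local-case" in offline) and not has_user:
            findings.append(f"{tag} falls back to 'local' but no username is configured")
        if "none" in offline:
            findings.append(f"{tag} includes 'none': access without authentication")
    return findings


if __name__ == "__main__":
    for label, cfg in (("risky", RISKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_lockout(cfg) or ["no lockout risk found"])
```

Run it against the candidate config before the `write`, and keep a second session open on the device until a fresh SSH login through the new method list has succeeded; the audit catches the structural problem (a `line` fallback with no line password, or no offline method at all), not a server-side mistake such as the device missing from ACS or a mismatched shared secret.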

Sorry for the late reply. I am trying to log in via SSH; the switch is at a remote site. And yes, it is prompting for a username and password, after which authentication fails. On the other device at the same site with this config template I am able to log in; it is only this particular system. Is there any way to take control apart from console access? As for giving the console and VTY config, I didn't take a backup... bad luck. But I am sure those are configured, and SSH too.

Try checking the AAA server's logs, to see whether the attempts you are making reach the server and what it is responding with.

If you can't connect via SSH/Telnet or via console, I think the other option you would have is SNMP, if you configured a read-write SNMP community on the switch.

Thank you, I will try with the console. How do I connect via SNMP?

If you can connect via Console it would be the easiest way.


Were you able to check the logs on the AAA server?

Thank you Luis. I recovered it via console and everything is OK. The device was not added properly into ACS.

On the ACS server, the logs say there is possibly a mismatch of shared secrets.