Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5177
Views
0
Helpful
2
Replies

tacacs configuration on gig0/0 Management port on cisco 3850

Go to solution
BalajiDasarathan
Level 1
Level 1

‎08-05-2014 12:38 PM

Dear Members

I would like to configure the gig0/0 (Management port) on Cisco 3850 switch for TACACS authentication, however, the TACACS authentication doesnt work and the switch can only do local authentication.

The below link doesnt include TACACS as one of the supported features on the management port of Cisco 3850 and I would like to confirm if this is the case.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/configuration_guide/b_consolidated_3850_3se_cg/b_consolidated_3850_3se_cg_chapter_011110.html

Your inputs / response is much appreciated.

-Balaji

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-06-2014 11:02 PM

Hi Balaji,

the management port is assigned to a VRF called "mgmt-vrf", so it does not participate in global ip forwarding because it is intended for out-of-band management. This link showes a configuration example for TACACS:

http://blog.monkeyrouter.com/2014/04/tacacs-over-management-vrf.html

HTH

Rolf
 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Rolf Fischer
Level 9
Level 9

‎08-06-2014 11:02 PM

Hi Balaji,

the management port is assigned to a VRF called "mgmt-vrf", so it does not participate in global ip forwarding because it is intended for out-of-band management. This link showes a configuration example for TACACS:

http://blog.monkeyrouter.com/2014/04/tacacs-over-management-vrf.html

HTH

Rolf
 

0 Helpful

Go to solution
BalajiDasarathan
Level 1
Level 1
In response to Rolf Fischer

‎08-07-2014 08:14 AM

Thanks for your response Rolf, we were intending to use this as "in-band" management and because it doesn't support TACACS and has limited SNMP capability, we have dropped the plan of using it as "in-band" management, I wish Cisco could have named this as "out-of-band" management access to the switch.

-Balaji

0 Helpful
Customers Also Viewed These Support Documents