08-05-2014 12:38 PM
Dear Members
I would like to configure the gig0/0 (Management port) on Cisco 3850 switch for TACACS authentication, however, the TACACS authentication doesn't work and the switch can only do local authentication.
The below link doesn't include TACACS as one of the supported features on the management port of Cisco 3850 and I would like to confirm if this is the case.
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/consolidated_guide/configuration_guide/b_consolidated_3850_3se_cg/b_consolidated_3850_3se_cg_chapter_011110.html
Your input/response is much appreciated.
-Balaji
08-06-2014 11:02 PM
Hi Balaji,
The management port is assigned to a VRF called "mgmt-vrf", so it does not participate in global IP forwarding because it is intended for out-of-band management. This link shows a configuration example for TACACS:
http://blog.monkeyrouter.com/2014/04/tacacs-over-management-vrf.html
HTH
Rolf
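
A sketch of the VRF-aware TACACS+ setup the reply above points to, added here as an example and not taken from the thread or the linked post. The server address (a documentation-range IP), the group and server names and the key are placeholders, and the VRF name is written as it appears in the reply.

```cisco
! Added example: TACACS+ sourced from the management VRF.
! Confirm the exact VRF name (it is case-sensitive) with "show vrf" first.
aaa new-model
!
! Placeholder server definition; replace address and key with your own.
tacacs server TAC-MGMT
 address ipv4 192.0.2.10
 key <shared-secret>
!
! The server group is what ties TACACS+ traffic to the VRF: without
! "ip vrf forwarding" here, requests are routed in the global table,
! which the management port is not part of.
aaa group server tacacs+ MGMT-TACACS
 server name TAC-MGMT
 ip vrf forwarding mgmt-vrf
 ip tacacs source-interface GigabitEthernet0/0
!
! Keep "local" as the fallback so an unreachable TACACS+ server
! does not lock administrators out of the switch.
aaa authentication login default group MGMT-TACACS local
aaa authorization exec default group MGMT-TACACS local
```

Keep an existing session open while testing a new login, and make sure at least one local account exists before applying the `aaa authentication` line.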
08-07-2014 08:14 AM
Thanks for your response, Rolf. We were intending to use this as "in-band" management, and because it doesn't support TACACS and has limited SNMP capability, we have dropped the plan of using it as "in-band" management. I wish Cisco could have named this as "out-of-band" management access to the switch.
-Balaji