Re: TACACs is not working

raghavendran.r · ‎07-03-2018

Dear Network Engineers,

CISCO#test aaa group tacacs+ raghr pass legacy
Attempting authentication test to server-group tacacs+ using tacacs+
User was successfully authenticated.

but still device not accessible via TACACS credentials ..and only accessible via local credentials.,

Kindly help me what could be the cause.

balaji.bandi · ‎07-03-2018

can you share the AAA configuration.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Marvin Rhoads · ‎07-03-2018

What is your TACACS+ server? The best place to check is usually the logs on it.

It could be any number of things - linkage to the external ID store, authorization policy, configuration on the network device etc.

raghavendran.r · ‎07-03-2018

HI ,

have indentified that some TACACS source interface was wrongly configured with VRF MANAGEMENT , after removing that VRF statement its started working but still.

username & password is my TACACS but enable is still accessible via local credentials.

Marvin Rhoads · ‎07-04-2018

You need to distinguish between authentication (who can log in) and authorization (who can do what). You can authenticate via TACACS and authorize locally. The device's AAA (Authentication Authorization and Accounting) settings control that.

raghavendran.r · ‎07-06-2018

Thanks MArvin ,

Got it ...

1 ,have cheked in ACS and observed no configuration issue.

2.switch side as you mentioned checked authorization but it has all the configuration like other switches.

removing all those authorization and adding it back will help?