
How to configure TACACS+ on Cisco SG300

Scott12
Level 1

Hello There!

 

I have installed a new Cisco ISE, and we still need to authenticate the users using TACACS on the SG300, but I don't know how to configure TACACS on these switches... LoL, I can't believe it. I was able to configure it on Nexus, but anyway, any idea how I can configure TACACS?
This is the Firmware Version (Active Image): 1.4.7.5

 

kind regards

 

Scott

1 Accepted Solution


Marvin Rhoads
Hall of Fame

Here's a working config from one of mine:

 

ip http authentication aaa login-authentication tacacs local
aaa authentication login authorization SSH tacacs local
aaa authentication enable authorization SSH tacacs enable
line ssh
login authentication SSH
enable authentication SSH
ip ssh server

tacacs-server host <backup TACACS server address>
tacacs-server host <our other TACACS server address> priority 1
encrypted tacacs-server key <shared secret key>
tacacs-server host source-interface vlan <SVI you want to use for the device to talk to TACACS servers>

Adjust to suit your environment.

My example is the following model and version but should work on any SG300:

<redacted>#show inventory

NAME: "1"   DESCR: "SG300-10MPP 10-Port Gigabit PoE+ Managed Switch"   
PID: SG300-10MPP-K9   VID: V02   SN: PSZ19101HQD   
<redacted>#show version
SW version    1.4.1.3 ( date  29-Mar-2015 time  16:24:16 )
Boot version    1.3.5.06 ( date  21-Jul-2013 time  15:12:10 )
HW version    V02
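
A way to check a saved SG300 configuration against the pattern in the answer above: TACACS+ first with a fallback method on both the SSH line and the web interface, at least one server, and an encrypted key line. This is an added example, not part of the original thread or Cisco's tooling. The `audit` function name, the flat config format and the sample addresses, VLAN and key are assumptions made for illustration.

```python
import re

# Constructed sample modelled on the answer above; addresses, VLAN and key are placeholders.
SAMPLE = """\
ip http authentication aaa login-authentication tacacs local
aaa authentication login authorization SSH tacacs local
aaa authentication enable authorization SSH tacacs enable
line ssh
login authentication SSH
enable authentication SSH
ip ssh server
tacacs-server host 192.0.2.10
tacacs-server host 192.0.2.11 priority 1
encrypted tacacs-server key EXAMPLE-ENCRYPTED-KEY
tacacs-server host source-interface vlan 10
"""

def audit(config):
    """Return findings for a flat config dump; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings, lists, bound, in_ssh = [], {}, {}, False
    for l in lines:
        m = re.match(r"aaa authentication (login|enable)(?: authorization)? (\S+) (.+)", l)
        if m:  # method list definition: ("login", "SSH") -> ["tacacs", "local"]
            lists[(m.group(1), m.group(2))] = m.group(3).split()
        b = re.match(r"(login|enable) authentication (\S+)$", l)
        if l == "line ssh":
            in_ssh = True
        elif in_ssh and b:  # list bound under "line ssh"
            bound[b.group(1)] = b.group(2)
        else:
            in_ssh = False
    http = [l.split()[5:] for l in lines
            if l.startswith("ip http authentication aaa login-authentication")]
    checks = [("http", http[0] if http else None)]
    checks += [(f"ssh {k}", lists.get((k, bound.get(k)))) for k in ("login", "enable")]
    for label, methods in checks:
        if not methods:
            findings.append(f"{label}: no method list in effect")
        elif methods[0] != "tacacs":
            findings.append(f"{label}: tacacs is not the first method")
        elif len(methods) < 2:
            findings.append(f"{label}: no fallback method if TACACS+ is unreachable")
    if not any(re.match(r"tacacs-server host (?!source-interface)\S+", l) for l in lines):
        findings.append("no tacacs-server host configured")
    keys = [l for l in lines if re.match(r"(encrypted )?tacacs-server key \S+", l)]
    if not keys or not all(k.startswith("encrypted ") for k in keys):
        findings.append("tacacs-server key missing or not in encrypted form")
    return findings
```

Running `audit()` on a config export before and after a change shows whether a method list lost its fallback or the SSH line was left unbound.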


2 Replies


Dear Marvin,

 

Many thanks for sharing the CLI commands, now it works!!

 

Stay safe!

 

Regards

Scott
