cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1225
Views
0
Helpful
2
Replies
Srini Grahadurai
Beginner

issue with tacacs cisco 9500

Hello,

 

I have a issue with tacacs after I upgraded the cisco 9500 stackwise to code 16.12.2!

The router doesn't accept the tacacs password but only local password. After authenticated with local password it goes to enable mode and accepts tacacs password. I have checked the aaa configurations with other routers which works fine with tacacs (different code)  and it is exactly the same.

 

aaa authentication debug:

May 19 14:23:41.747 AEST: AAA/BIND(00000017): Bind i/f
May 19 14:23:41.747 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:41.747 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD

May 19 14:23:53.462 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:53.487 AEST: AAA/AUTHEN/ENABLE(00000017): Done status FAIL - bad password

May 19 14:23:55.488 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:23:55.489 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD

May 19 14:24:05.594 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:05.619 AEST: AAA/AUTHEN/ENABLE(00000017): Done status FAIL - bad password

May 19 14:24:07.620 AEST: AAA/AUTHEN/LOGIN (00000017): Pick method list 'nwadmin_authen'
May 19 14:24:07.620 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:07.620 AEST: AAA/AUTHEN/ENABLE(00000017): Done status GET_PASSWORD
when I put in the local secret I get the below debug:
May 19 14:24:15.086 AEST: AAA/AUTHEN/ENABLE(00000017): Processing request action LOGIN
May 19 14:24:15.110 AEST: AAA/AUTHEN/ENABLE(00000017): Done status PASS

 

I have attached the aaa config.

Any help is appreciated.

 

regards

 

2 REPLIES 2
Marius Gunnerud
VIP Advisor

Remove the following command and then try again.

no aaa authentication login default enable

--
Please remember to select a correct answer and rate helpful posts

Hi Marius,

Thanks.

even after removing the command the issue persists.

 

regards

Create
Recognize Your Peers
Content for Community-Ad