06-30-2011 03:26 AM - edited 03-01-2019 06:58 AM
Hello!
Could you please help with my problem...
I have the Nexus 1000v configured for tacacs authentication:
nexus(config)# tacacs-server host A.B.C.D key *****
nexus(config)# aaa group server tacacs+ TacServer
nexus(config-tacacs+)# server A.B.C.D
Testing of the tacacs+ authentication succeeded only with the following:
nexus(config)# test aaa server tacacs+ A.B.C.D login password
.......user has been authenticated........
But when I try to issue this command, there is a problem:
nexus(config)# test aaa group TacServer login password
.......error authenticating to server........
And debug said:
nexus(config)# aaa: sg_protocol is incorrect. Retrieving it by checking group list
That is why I cannot use console authentication with my TACACS (aaa authentication login console group TacServer). It seems like my Nexus cannot identify the tacacs-server inside the server group.
06-30-2011 03:45 AM
How do you reach the TACACS server? Via the Mgmt0 or inline interfaces?
Did you specify the VRF and source interface in the tacacs group:
aaa group server tacacs+ TacServer
  use-vrf management
  source-interface mgmt0
hth
06-30-2011 04:46 AM
Thanks! Now it works!
But why does this configuration begin working only after the "use-vrf management" command?
06-30-2011 05:01 AM
All Ethernet interfaces on the Nexus belong to the Default VRF, and the Mgmt0 belongs to the Management VRF.
For this reason, any control traffic must be specified to use the Mgmt0 interface and the Management VRF as a source, unless you want to use the inline Ethernet interfaces for your control traffic.
hth
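An added example, not part of the original posts: a small Python check that reads a saved running-config and reports login methods pointing at a TACACS+ server group with no use-vrf line, which is the condition that made the group test fail in this thread. The sample config, the 192.0.2.10 address and the function names are constructed for illustration, and the parser assumes sub-mode lines are indented as in "show running-config" output.

```python
import re

# Constructed sample running-config (not taken from the device in this thread).
SAMPLE_CONFIG = """\
tacacs-server host 192.0.2.10 key 7 PLACEHOLDER
aaa group server tacacs+ TacServer
    server 192.0.2.10
aaa group server tacacs+ TacMgmt
    server 192.0.2.10
    use-vrf management
    source-interface mgmt0
aaa authentication login console group TacServer
aaa authentication login default group TacMgmt local
"""

GROUP_RE = re.compile(r"^aaa group server tacacs\+ (\S+)\s*$")
LOGIN_RE = re.compile(r"^aaa authentication login (\S+) group (.+)$")


def parse_groups(config):
    """Map each TACACS+ group name to its servers, use-vrf and source-interface."""
    groups, current = {}, None
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = groups.setdefault(
                m.group(1), {"servers": [], "use-vrf": None, "source-interface": None})
        elif current is not None and line[:1].isspace() and line.strip():
            key, _, value = line.strip().partition(" ")
            if key == "server":
                current["servers"].append(value)
            elif key in ("use-vrf", "source-interface"):
                current[key] = value
        else:
            current = None  # any unindented line ends the group sub-mode
    return groups


def audit(config):
    """Return (login_method, group) pairs whose TACACS+ group has no use-vrf."""
    groups, findings = parse_groups(config), []
    for line in config.splitlines():
        m = LOGIN_RE.match(line)
        for name in (m.group(2).split() if m else []):
            if name in groups and groups[name]["use-vrf"] is None:
                findings.append((m.group(1), name))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

A finding is only a prompt to check reachability: a group without use-vrf is correct when the TACACS+ server is reached through the inline interfaces in the default VRF.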
06-30-2011 05:54 AM
In the Nexus 1000v config guide, the "use-vrf" command is described as "optional". Also, the given TACACS configuration example does not have this command.
And that fact confused me...
Thank you once again!
06-30-2011 06:13 AM
It's not required, but that depends on how your network is set up.
Most people will use the out-of-band for management traffic, so the defaults here IMO are swapped around.
Glad to have helped