Nexus 5000 Tacacs issue

opnineopnine
Level 1

Hello 

I have the following config. The issue is that when I don't have access to my TACACS server, the local validation is not working.

Any ideas?

feature tacacs+
tacacs-server key 7 TITITIT122
ip tacacs source-interface mgmt0
tacacs-server host 126.252.1.8
aaa group server tacacs+ TacServers
server 126.252.1.8
deadtime 10
aaa authentication login default group TacServers local
aaa authorization config-commands default group TacServers local
aaa authorization commands default group TacServers local
aaa accounting default group TacServers local
aaa authentication login error-enable
tacacs-server directed-request

thanks!

4 Replies 4

Mark Malone
VIP Alumni

Hi

Here is my setup on 5Ks that's currently working, when TACACS is reachable or not; it reverts to local passwords. May help. I use the VRF though, as my mgmt interface; you can't remove it.

aaa authentication login default group xxxxx
aaa authentication login console group xxxxx
aaa authorization commands default group xxxxx local
aaa accounting default group xxxxx
tacacs-server directed-request

tacacs-server host 172.x.x.x key 7 "p%DW%h9g76=3!Z+G4!SS"
tacacs-server host 172.x.x.x key 7 "p%DW%h9g76=3!Z+G4!SS"
aaa group server tacacs+ xtacacs
  server 172.x.x.x
  server 172.x.x.x
  use-vrf management
  source-interface mgmt0

vrf context management
  ip domain-name xxxx
  ip route 0.0.0.0/0 172.x.x.x


interface mgmt0
  vrf member management
  ip address 172.x.x.x/22

Hello Mark

I get this error

Error: AAA authorization failed AAA_AUTHOR_STATUS_METHOD=16(0x10)

when I add this part

aaa accounting default group TacServers local
aaa authentication login error-enable
aaa authentication login console local

thanks!

What's the config under the mgmt0 interface, and is it currently up/up?

Hello

interface mgmt0
  ip address 192.168.1.244/22

Thanks.
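
The two configurations posted in this thread can be compared mechanically. The Python sketch below is an added example, not code from any poster: it parses the AAA method lists and the TACACS+ server-group sub-commands, then lists the group settings that appear in the working config but not in the original one. The function names and the trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed inputs: trimmed copies of the two configs posted in this thread.
ASKER = """\
ip tacacs source-interface mgmt0
tacacs-server host 126.252.1.8
aaa group server tacacs+ TacServers
server 126.252.1.8
deadtime 10
aaa authentication login default group TacServers local
aaa authorization commands default group TacServers local
"""
WORKING = """\
aaa authentication login default group xxxxx
aaa authorization commands default group xxxxx local
aaa group server tacacs+ xtacacs
  server 172.x.x.x
  use-vrf management
  source-interface mgmt0
"""
GROUP_KEYS = ("server", "deadtime", "use-vrf", "source-interface")
METHOD_RE = re.compile(
    r"aaa (authentication login|authorization \S+|accounting) (\S+) (.+)$")

def parse(cfg):
    """Return (method_lists, groups) parsed from NX-OS AAA config text."""
    methods, groups, current = {}, {}, None
    for raw in cfg.splitlines():
        line = raw.strip()
        m = re.match(r"aaa group server tacacs\+ (\S+)$", line)
        if m:
            current = groups.setdefault(m.group(1), {})
            continue
        # Pasted configs often lose indentation, so match sub-commands by keyword.
        key, _, val = line.partition(" ")
        if current is not None and key in GROUP_KEYS:
            current.setdefault(key, []).append(val)
            continue
        current = None  # any other line ends the group block
        m = METHOD_RE.match(line)
        if m:
            methods[f"{m.group(1)} {m.group(2)}"] = m.group(3).split()
    return methods, groups

def missing_vs_reference(candidate, reference):
    """Group sub-commands used in the reference config but absent from candidate."""
    used = lambda cfg: {k for g in parse(cfg)[1].values() for k in g}
    return sorted(used(reference) - used(candidate))

if __name__ == "__main__":
    print("Group settings only in the working config:",
          missing_vs_reference(ASKER, WORKING))
```

The output is a list of differences to check on the switch; it does not by itself establish the cause of the failure.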