06-20-2021 03:33 AM
Hello,
I have ACS 5.7 and 9200 switches, and I can't make the switches authenticate with TACACS+ on the ACS.
The configuration:
==============================================
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login SSH group rad-group local
aaa authentication dot1x default group rad-group
aaa authorization exec default group tacacs+ local
aaa authorization network default group rad-group
aaa accounting dot1x default start-stop group rad-group
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 7 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
ip tacacs source-interface Vlan198
tacacs-server host 10.10.10.10 key 7 047822422C716E1E23
tacacs-server directed-request
==============================================
Switch IOS version: 16.12.3a
Any idea?
06-20-2021 04:52 AM
This is a working config from a Cat 9300 running IOS 16.12.X:
aaa new-model
!
tacacs-server directed-request
! Server names are single words and must match the "server name" entries in the group below
tacacs server server1
 address ipv4 x.x.x.x
 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
tacacs server server2
 address ipv4 x.x.x.x
 key 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa group server tacacs+ BBGROUP
 server name server1
 server name server2
 ip tacacs source-interface XXXX (interface name)
!
! Login, authorization and accounting all point at the named group, with local fallback
aaa authentication login default group BBGROUP local
aaa authorization config-commands
aaa authorization exec default group BBGROUP local
aaa authorization commands 0 default group BBGROUP local
aaa authorization commands 1 default group BBGROUP local
aaa authorization commands 15 default group BBGROUP local
aaa accounting exec default start-stop group BBGROUP
aaa accounting commands 0 default start-stop group BBGROUP
aaa accounting commands 1 default start-stop group BBGROUP
aaa accounting commands 15 default start-stop group BBGROUP
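An added example, not part of either post above: a small offline check that a saved switch config's AAA method lists point at server groups that exist, and that each group's `server name` entries match a named `tacacs server` block. The function name `lint_aaa`, the sample config and its addresses are constructed for illustration.

```python
import re

# Constructed sample modelled on the configs in this thread (key redacted).
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local enable
aaa authentication login SSH group rad-group local
aaa authorization exec default group BBGROUP local
tacacs-server host 192.0.2.10 key 7 REDACTED
tacacs server server1
 address ipv4 192.0.2.10
aaa group server tacacs+ BBGROUP
 server name server1
 server name server2
"""

BUILTIN_GROUPS = {"tacacs+", "radius"}  # built-in "all configured servers" groups

def lint_aaa(config):
    """Return a sorted list of findings for unresolved AAA references."""
    servers, groups, used, findings = set(), {}, set(), []
    current = None  # server group whose sub-commands are being read
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if m := re.match(r"(?:tacacs|radius) server (\S+)$", line):
            servers.add(m.group(1))   # named server block
            current = None
        elif m := re.match(r"aaa group server (?:tacacs\+|radius) (\S+)$", line):
            current = m.group(1)
            groups[current] = []
        elif current and (m := re.match(r"server name (\S+)$", line)):
            groups[current].append(m.group(1))
        elif re.match(r"aaa (authentication|authorization|accounting) ", line):
            used.update(re.findall(r"\bgroup (\S+)", line))
        elif line.startswith("tacacs-server host "):
            findings.append("global 'tacacs-server host' line, not a named 'tacacs server' block")
    for g in used - BUILTIN_GROUPS - set(groups):
        findings.append(f"method list uses undefined server group '{g}'")
    for g, members in groups.items():
        for s in members:
            if s not in servers:
                findings.append(f"group '{g}' references undefined server '{s}'")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(lint_aaa(SAMPLE)) or "no findings")
```

It works on flat, unindented pastes as well as on `show running-config` output, since it does not rely on indentation to find a group's members.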