Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
827
Views
0
Helpful
2
Replies

No AAA Authentication For Switch

Go to solution
Robert Molina
Level 1
Level 1

‎11-23-2015 04:35 PM - edited ‎03-10-2019 11:15 PM

I am perplexed by my issue. I have one switch out of 9 that cannot authenticate with our TACACS server. The configurations are the same as every other switch, yet when I try to log in using the TACACS+ account, access is denied. Here is the configuration for the AAA/TACACS on the switch.

aaa new-model

aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization exec default group tacacs+ local

tacacs-server host X.X.33.XX
tacacs-server key 7 ???????????

I have removed the aaa configuration and then reconfigured it along with the tacacs server information and no tacacs authentication. I have given the interface tacacs should use, but same outcome. Any ideas?

Thank you,

Robert

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎11-23-2015 05:11 PM

Robert,

Please make sure following

- Tacacs server is reachable from the switch and port 49 is not blocked.

- If this is layer 3 switch then make sure to setup ip tacacs source interface XXXX (Interface IP that is defined in tacacs server)

- Check secret key

If issue is still there then please get

debug aaa authentication

debug tacacs

Regards,

~JG

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Jagdeep Gambhir
Level 10
Level 10

‎11-23-2015 05:11 PM

Robert,

Please make sure following

- Tacacs server is reachable from the switch and port 49 is not blocked.

- If this is layer 3 switch then make sure to setup ip tacacs source interface XXXX (Interface IP that is defined in tacacs server)

- Check secret key

If issue is still there then please get

debug aaa authentication

debug tacacs

Regards,

~JG

0 Helpful

Go to solution
Robert Molina
Level 1
Level 1
In response to Jagdeep Gambhir

‎11-24-2015 09:44 AM

JG,

Thank you for your assistance. I thought about it this morning and I wasn't sure that I had even entered the ip tacacs source-interface command. I entered it this morning, and I turned on debug for aaa authentication and tacacs, so that I could see what was happening on the switch. I attempted to log in with my tacacs account and I was able to without an issue.

Thank you again for your help.

0 Helpful
Customers Also Viewed These Support Documents