12-14-2018 08:03 AM - edited 03-05-2019 11:06 AM
I'm having a really difficult time getting TACACS working on a new ASR1001x.
I have the device cabled on the management interface and I can ping the TACACS server. The management interface is in the Mgmt-intf VRF. Here is a copy of my config. Where am I wrong? I can SSH to the device and use local creds to gain access.
aaa new-model
!
!
aaa group server tacacs+ TACACS1
 server name DV-ACS-1
!
aaa authentication login default group TACACS1 local
aaa authorization exec default group TACACS1 local none
aaa authorization commands 15 default group TACACS1 local none
aaa accounting exec default start-stop group TACACS1
aaa accounting commands 15 default start-stop group TACACS1
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 10.206.40.95 255.255.255.0
 negotiation auto
tacacs server DV-ACS-1
 address ipv4 10.162.0.11
 key <key>
 timeout 5
ip route vrf Mgmt-intf 0.0.0.0 0.0.0.0 10.206.40.1
ip tacacs source-interface GigabitEthernet0
line vty 0 4
 session-timeout 120
 exec-timeout 120 0
 transport input ssh
line vty 5 15
 exec-timeout 120 0
 privilege level 15
 transport input ssh