11-05-2018 12:56 PM
I am trying to configure TACACS+ for a 4430 ISR and cannot seem to get it to work. Here is my current config:
aaa new-model
!
!
aaa group server tacacs+ TNCTAC
 server name AUTH1
 server name AUTH2
 ip tacacs source-interface GigabitEthernet0/0/3 <------ only interface connected right now
!
aaa authentication password-prompt KEY:
aaa authentication username-prompt USER:
aaa authentication login TNCAdmin group TNCTAC
aaa authentication enable default group TNCTAC enable
aaa authorization exec TNCAdmin group TNCTAC local if-authenticated
aaa accounting exec default start-stop group TNCTAC
!
!
!
!
!
!
aaa session-id common
tacacs server AUTH1
 address ipv4 10.1.30.190
 key 7 13011E170A020B3E23213A37343B
tacacs server AUTH2
 address ipv4 10.6.8.190
 key 7 121D0C1213050310222E362C322C
When I try and open a connection to the router, it allows me to enter my credentials, and then just closes. If I run:
#test aaa group TNCTAC 'username' 'password' legacy
It authenticates me. What am I missing? Thank You!
11-05-2018 01:31 PM
Check on the TACACS side for any logs (is this ISE or ACS?).
I do not remember the version correctly, but we had the same issue, caused by a bug. Check for any reported bugs.
11-06-2018 05:11 AM - edited 11-06-2018 05:18 AM
This is ISE. I checked the bugs but only saw something about TACACS and the null-password causing an issue.
I checked the ISE logs and it shows me authenticating with a status of Pass.