Re: 4430 IOS XE 15.5(3) S4b and TACACS+ Problem

ccisco630 · ‎11-05-2018

I am trying to configure TACACS+ for a 4430 ISR and cannot seem to get it to work. Here is my current config:

aaa new-model
!
!
aaa group server tacacs+ TNCTAC
server name AUTH1
server name AUTH2
ip tacacs source-interface GigabitEthernet0/0/3 <------ only interface connected right now
!
aaa authentication password-prompt KEY:
aaa authentication username-prompt USER:
aaa authentication login TNCAdmin group TNCTAC
aaa authentication enable default group TNCTAC enable
aaa authorization exec TNCAdmin group TNCTAC local if-authenticated
aaa accounting exec default start-stop group TNCTAC
!
!
!
!
!
!
aaa session-id common

tacacs server AUTH1
address ipv4 10.1.30.190
key 7 13011E170A020B3E23213A37343B
tacacs server AUTH2
address ipv4 10.6.8.190
key 7 121D0C1213050310222E362C322C

When I try and open a connection the the router, it allows me to enter my credentials, and then just closes. If I run:

#test aaa group TNCTAC 'usernam' 'password' legacy

It authenticates me. What am I missing? Thank You!

balaji.bandi · ‎11-05-2018

check on TACACS side any logs (is this ISE or ACS ) ?

i do not remember the version correctly we had some issue same and causing bug, check any bug reported.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

ccisco630 · ‎11-06-2018

This is ISE. I checked the bugs but only saw something about TACACS and the null-password causing an issue.

I checked the ISE logs and it shows me authenticating with a status of Pass.