04-21-2016 03:04 AM - edited 03-05-2019 03:51 AM
I have configured AAA on a Cisco 2960 and also configured the AAA client in ACS 5.2, but I am not able to log in via TACACS and I have to log in via local.
Here is config on Switch:
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization config-commands
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
!
!
!
!
!
!
aaa session-id common
04-21-2016 05:34 AM
Hi,
Did you put the tacacs-server command as well? It should be on the bottom of the show running-config. Something like:
tacacs-server host 10.10.10.1 timeout 5
tacacs-server key 7 095C4F1A0A1218000F
The config might change a little (depending on IOS) but see if you have them or not on your config.
Thanks,
Ricardo
04-21-2016 05:47 AM
It might help if the original poster would post the output of show run | include tacacs
Are there logs on the tacacs server? If so, do they show the authentication request? If so, what do the logs say about the authentication request?
There should be a command on the switch to show tacacs. What does that command show?
If all else fails you could run debug for aaa authentication and for tacacs and post the debug output.
HTH
Rick
04-21-2016 10:34 AM
Troubleshooting steps to follow
Check the tacacs-server config: the IP address and tacacs key should be correct.
Check the ping from the switch to the tacacs server IP. If the ping fails, then check routing. If successful, then check the logs on the ACS end for that switch.
04-21-2016 02:07 PM
Hello,
If you are logging in locally, for sure you have a problem either reaching the TACACS+ Server or you haven't configured TACACS+ correctly.
I would use the following methods to troubleshoot a similar problem:
1- Try to ping the Tacacs+ Server from the 2960 switch to ensure connectivity.
2- If connectivity is good, then I would review the configuration and make sure that you are referencing the right TACACS+ Server IP and you are using the right key:
tacacs-server host X.X.X.X
tacacs-server key (PASSWORD)
3- If you found that everything is good in Step two, I would recommend that you turn on some aaa debug commands and paste the output here. Most probably when you review the output you will see the problem; as I mentioned, if you need help just paste it here.
Best Regards,
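
The configuration review suggested in the replies above can be run offline against a saved running-config. This is an added example, not part of any post in the thread: the function name `audit_tacacs`, the finding labels and both sample configs are constructed for illustration, and it goes slightly beyond the thread by also recognising the newer `tacacs server NAME` block syntax alongside the legacy `tacacs-server` commands.

```python
import re

# Constructed sample: AAA lines from the question, with no TACACS+ server defined.
SAMPLE_NO_SERVER = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
"""
# Constructed sample: the same lines plus the legacy server commands from the reply.
SAMPLE_WITH_SERVER = SAMPLE_NO_SERVER + """\
tacacs-server host 10.10.10.1 timeout 5
tacacs-server key 7 095C4F1A0A1218000F
"""

def audit_tacacs(config):
    """Return a list of findings for running-config text (empty list: nothing flagged)."""
    aaa_refs, hosts, key_types = [], [], []
    in_block = False  # inside a newer-style "tacacs server NAME" block
    for raw in config.splitlines():
        line = raw.strip()
        if raw and not raw[0].isspace():
            in_block = line.startswith("tacacs server ")
        if re.match(r"aaa \S+ .*\bgroup tacacs\+", line):
            aaa_refs.append(line)
        legacy = line.startswith("tacacs-server ")
        m = re.match(r"tacacs-server host (\S+)", line)
        if not m and in_block:
            m = re.match(r"address ipv4 (\S+)", line)
        if m:
            hosts.append(m.group(1))
        if legacy or in_block:
            k = re.search(r"\bkey (?:(\d+) )?\S+$", line)
            if k:
                key_types.append(k.group(1) or "0")  # no type given: treated as type 0
    findings = []
    if aaa_refs and not hosts:
        findings.append(f"NO_SERVER: {len(aaa_refs)} aaa lines use 'group tacacs+' "
                        "but no server is defined, so the next method (e.g. local) answers")
    if hosts and not key_types:
        findings.append(f"NO_KEY: no key configured for {', '.join(hosts)}")
    if "7" in key_types:
        findings.append("TYPE7_KEY: key is stored as type 7, which is reversible "
                        "obfuscation; redact it before posting a config")
    return findings

if __name__ == "__main__":
    for name, cfg in (("no server", SAMPLE_NO_SERVER), ("with server", SAMPLE_WITH_SERVER)):
        print(name, "->", audit_tacacs(cfg) or "nothing flagged")
```

A clean result only means the server and key lines are present; whether the key matches the one configured for the AAA client on the ACS still has to be confirmed from the server logs or the debug output.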