08-25-2016 06:04 PM - edited 03-05-2019 04:34 AM
Having problem on with tacacs server commands for alternate port.
I do not have the available commands on my router what is the trick?
c1900-universalk9-mz.SSA-eng-sp-153-3.M1.bin
ipbase ipbasek9 Permanent ipbasek9
ISSUE:
This is what i get for commands:
router(config)#tacacs-server host 1.1.1.1 ?
<cr>
This is what I NEED to get:
router(config)#tacacs-server host 1.1.1.1 ?
key per-server encryption key (overrides default)
nat To send client's post NAT address to tacacs+ server
port TCP port for TACACS+ server (default is 49)
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
<cr>
Solved! Go to Solution.
08-25-2016 11:34 PM
You are using the legacy config. Try the new config-style:
core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
address Specify ip address for tacacs server
exit Exit from TACACS server configuration mode
key per-server encryption key (overrides default)
no Negate a command or set its defaults
port TCP port for TACACS+ server (default is 49)
send-nat-address To send client's post NAT address to tacacs+ server
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
08-25-2016 11:34 PM
You are using the legacy config. Try the new config-style:
core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
address Specify ip address for tacacs server
exit Exit from TACACS server configuration mode
key per-server encryption key (overrides default)
no Negate a command or set its defaults
port TCP port for TACACS+ server (default is 49)
send-nat-address To send client's post NAT address to tacacs+ server
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
08-26-2016 07:30 AM
Actually I did not realize but I needed to add "aaa new-model" prior to adding the tacacs servers.
Which actually seems kind of strange, and is not documented anywhere.
So....
aaa new-model
then
tacacs-server host x.x.x.x port 40109
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide