08-25-2016 06:04 PM - edited 03-05-2019 04:34 AM
Having problem on with tacacs server commands for alternate port.
I do not have the available commands on my router what is the trick?
c1900-universalk9-mz.SSA-eng-sp-153-3.M1.bin
ipbase ipbasek9 Permanent ipbasek9
ISSUE:
This is what i get for commands:
router(config)#tacacs-server host 1.1.1.1 ?
<cr>
This is what I NEED to get:
router(config)#tacacs-server host 1.1.1.1 ?
key per-server encryption key (overrides default)
nat To send client's post NAT address to tacacs+ server
port TCP port for TACACS+ server (default is 49)
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
<cr>
Solved! Go to Solution.
08-25-2016 11:34 PM
You are using the legacy config. Try the new config-style:
core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
address Specify ip address for tacacs server
exit Exit from TACACS server configuration mode
key per-server encryption key (overrides default)
no Negate a command or set its defaults
port TCP port for TACACS+ server (default is 49)
send-nat-address To send client's post NAT address to tacacs+ server
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
08-25-2016 11:34 PM
You are using the legacy config. Try the new config-style:
core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
address Specify ip address for tacacs server
exit Exit from TACACS server configuration mode
key per-server encryption key (overrides default)
no Negate a command or set its defaults
port TCP port for TACACS+ server (default is 49)
send-nat-address To send client's post NAT address to tacacs+ server
single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout Time to wait for this TACACS server to reply (overrides default)
08-26-2016 07:30 AM
Actually I did not realize but I needed to add "aaa new-model" prior to adding the tacacs servers.
Which actually seems kind of strange, and is not documented anywhere.
So....
aaa new-model
then
tacacs-server host x.x.x.x port 40109
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: