Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
809
Views
0
Helpful
2
Replies

Tacacs on Alternate Port

Go to solution
laneygypsy
Level 1
Level 1

‎08-25-2016 06:04 PM - edited ‎03-05-2019 04:34 AM

Having problem on with tacacs server commands for alternate port.

I do not have the available commands on my router what is the trick?

c1900-universalk9-mz.SSA-eng-sp-153-3.M1.bin

ipbase ipbasek9 Permanent ipbasek9

ISSUE:

This is what i get for commands:

router(config)#tacacs-server host 1.1.1.1 ?
<cr>

This is what I NEED to get:

router(config)#tacacs-server host 1.1.1.1 ?
key                                per-server encryption key (overrides default)
nat                                To send client's post NAT address to tacacs+ server
port                               TCP port for TACACS+ server (default is 49)
single-connection         Multiplex all packets over a single tcp connection to server (for CiscoSecure)
timeout                         Time to wait for this TACACS server to reply (overrides default)
<cr>

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Karsten Iwen
VIP
VIP

‎08-25-2016 11:34 PM

You are using the legacy config. Try the new config-style:

core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
 address           Specify ip address for tacacs server
 exit              Exit from TACACS server configuration mode
 key               per-server encryption key (overrides default)
 no                Negate a command or set its defaults
 port              TCP port for TACACS+ server (default is 49)
 send-nat-address  To send client's post NAT address to tacacs+ server
 single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
 timeout           Time to wait for this TACACS server to reply (overrides default)

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Karsten Iwen
VIP
VIP

‎08-25-2016 11:34 PM

You are using the legacy config. Try the new config-style:

core1(config)#tacacs server ISE1
core1(config-server-tacacs)#?
TACACS server sub-mode commands:
 address           Specify ip address for tacacs server
 exit              Exit from TACACS server configuration mode
 key               per-server encryption key (overrides default)
 no                Negate a command or set its defaults
 port              TCP port for TACACS+ server (default is 49)
 send-nat-address  To send client's post NAT address to tacacs+ server
 single-connection Multiplex all packets over a single tcp connection to server (for CiscoSecure)
 timeout           Time to wait for this TACACS server to reply (overrides default)
0 Helpful

Go to solution
laneygypsy
Level 1
Level 1

‎08-26-2016 07:30 AM

Actually I did not realize but I needed to add "aaa new-model" prior to adding the tacacs servers.

Which actually seems kind of strange, and is not documented anywhere.

So....

aaa new-model

then 

tacacs-server host x.x.x.x port 40109

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card