09-11-2023 07:37 AM
Hello,
I have deployed 2 cat8kv in AWS. I am connecting there with a local user called "admin". Now I want to move to TACACS+, but obviously it does not use the tacacs-server, although the connection to the tacacs-server is up (so it states that the tacacs-server is alive).
But whenever I try to connect I get this error message. Any idea what to do? It seems it does not use the tacacs-server at all, because a debug of TACACS stays empty.
ssh -l testuser 1.1.1.1
Permission denied (publickey).
09-11-2023 12:29 PM
Hi,
Check for the TACACS source, check for the configuration on the device (do debug authentication meanwhile TACACS), check the logs on the TACACS server.
Also see this doc from AWS:
https://repost.aws/knowledge-center/ec2-linux-fix-permission-denied-errors
09-12-2023 12:00 AM
That is the weird thing. TACACS debug does not show that TACACS gets used...but AAA is enabled...writing this sentence makes it even more weird...
09-11-2023 12:38 PM
SSH using admin works?
But when you enable AAA, you are getting that error? Does the admin user still work?
09-12-2023 12:08 AM
Hi, when I enable AAA for TACACS, the admin also does not work anymore (it tells me authorization failed).
09-12-2023 12:09 AM
And I use the same config as for AAA on-prem or in GCP.