Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1882
Views
5
Helpful
6
Replies

3.x to Denali Upgrade

royce.varughese
Level 1
Level 1

‎06-24-2019 02:20 AM

We are upgrading switches from 3.x to Denali 16.3.8. After upgrade Tacacs server commands along with key is not accepting as a command. I need to be sure to run all current config on to new code before deploying on other switches. Any help or guidance will be appreciated.

 


385002(config)#tacacs server TACACS_PRIMARY
385002(config-server-tacacs)#key
385002(config-server-tacacs)#key <key>
385002(config-server-tacacs)#address ipv4 <ip>
385002(config-server-tacacs)#exit
Warning: Address not yet configured.

 

Labels:
0 Helpful
6 Replies 6

Mark Malone
VIP Alumni
VIP Alumni

‎06-24-2019 02:33 AM

I just tested it on Denali 16.3.7 its working ok

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 1 52 WS-C3650-48TS 16.3.7 CAT3K_CAA-UNIVERSALK9 BUNDLE


Configuration register is 0x142 (will be 0x102 at next reload)

xxxxxxx# conf t
Enter configuration commands, one per line. End with CNTL/Z.
xxxxxxx(config)#tacacs ser
xxxxxxx(config)#tacacs server test
xxxxxxx(config-server-tacacs)#key mark
xxxxxxxconfig-server-tacacs)#add ipv4 18.8.8.8
xxxxxxx(config-server-tacacs)#exit
xxxxxxx(config)#exit
0 Helpful

royce.varughese
Level 1
Level 1
In response to Mark Malone

‎06-24-2019 02:38 AM

Switch Ports Model SW Version SW Image Mode
------ ----- ----- ---------- ---------- ----
* 4 56 WS-C3850-48P 16.3.8 CAT3K_CAA-UNIVERSALK9 INSTALL

 

Doesnt work for me.

 

385002(config-server-tacacs)#exit
Warning: Address not yet configured.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to royce.varughese

‎06-24-2019 02:42 AM

dont see any open bugs for it in the release notes fro 3.8, are your running AAA too in config
have you scrubbed the config completely and tried re-applying it

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/16-3/release_notes/ol-16-3-3850.html#pgfId-1485670
0 Helpful

royce.varughese
Level 1
Level 1
In response to Mark Malone

‎06-24-2019 02:50 AM

Will try re configuring the switch, but AAA was the last thing i configured.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to royce.varughese

‎06-24-2019 02:53 AM

There maybe some tie to AAA and the way its setup once that's running the way you have to configure it , you can try it this way as an option works well for us on the newer IOS-XE packages like denali Everest etc , does the same thing

aaa new-model
!
!
aaa group server tacacs+ xtacacs
server-private x.x.x.x key xxxxxxxxxxxxx
server-private x.x.x.x key xxxxxxxxxxxxx
ip tacacs source-interface X
!
aaa authentication login default group xtacacs local enable
aaa authentication enable default group xtacacs enable
aaa authorization exec default group xtacacs local
aaa accounting exec default start-stop group xtacacs
aaa accounting commands 0 default start-stop group xtacacs
aaa accounting commands 1 default start-stop group xtacacs
aaa accounting commands 15 default start-stop group xtacacs
aaa accounting network default start-stop group xtacacs
aaa accounting connection default start-stop group xtacacs
aaa accounting system default start-stop group xtacacs
0 Helpful

sreeharsha.kamisetty
Level 1
Level 1

‎09-08-2020 12:46 PM

I was able to fix this issue by removing the server IP under ' aaa group server' config and then able to add the server address under 'tacacs server' config and then called this tacacs server under aaa group config, like below - 

!

tacacs server test
address ipv4 10.x.x.x
key 0 123456

!

aaa group server tacacs+ tacacs-grp
server name test

 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card