02-23-2018 05:44 AM - edited 03-08-2019 02:00 PM
I re-IP'd sub-interface g0/0.1 from, let's say, 192.168.0.1 to 10.10.10.1. Now the device no longer authenticates to TACACS, and it did with no issues before. The server IS STILL pingable. Any help? See applicable configs below.
aaa new-model
aaa authentication login default group tacacs+ local line enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
ip tacacs source-interface g0/2
ip tacacs server host 192.168.0.50
ip tacacs-server key 7 XXXXXXXXX
02-28-2018 10:49 AM
02-28-2018 11:46 AM
Hello,
try and delete the entire TACACS configuration from your device (including no aaa new-model), reload the device, and re-enter everything.
02-28-2018 11:49 AM
Am I understanding correctly that traceroute to the tacacs server from this router gets a response from the next hop router but no responses beyond that and that traceroute to the tacacs server from the next hop router is successful? That would be pretty odd and perhaps suggests that there is some security policy on the next hop router that is impacting connectivity.
Could you clarify what the network topology is between this router and the tacacs server? If the tacacs server is 192.168.0.50 and if the interface that you changed was 192.168.0.1 then it seems that the tacacs server was in the local subnet. But with the interface change that would no longer be true. What is the topology and the network path now?
HTH
Rick