cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1254
Views
0
Helpful
3
Replies

Catalyst 3750X is caching Tacacs password or not asking for password.

sbreuercc
Level 1
Level 1

Hello,

the following information before:

Switch:  WS-C3750X-48P   (Stack with 2 Members)

IOS:      12.2(58)SE2

Lic:       IPBASEK9

uptime:  rebooted this night

Switch Ports Model              SW Version            SW Image

------ ----- -----              ----------            ----------

*    1 54    WS-C3750X-48P      12.2(58)SE2           C3750E-IPBASEK9-M

     2 54    WS-C3750X-48P      12.2(58)SE2           C3750E-IPBASEK9-M

config for tacacs:

tacacs-server host <primary ACS>

tacacs-server host <secondary ACS>

tacacs-server timeout 3

tacacs-server directed-request

tacacs-server key 7 <my-key>

aaa config:

aaa new-model

aaa group server tacacs+ <MY-GROUP>

aaa authentication login default group <MY-GROUP> local

aaa authentication login noTAC none

aaa authorization exec default group <MY-GROUP> none

aaa accounting exec default start-stop group <MY-GROUP>

aaa accounting commands 1 default start-stop group <MY-GROUP>

aaa accounting commands 2 default start-stop group <MY-GROUP>

aaa accounting commands 3 default start-stop group <MY-GROUP>

aaa accounting commands 4 default start-stop group <MY-GROUP>

aaa accounting commands 5 default start-stop group <MY-GROUP>

aaa accounting commands 6 default start-stop group <MY-GROUP>

aaa accounting commands 7 default start-stop group <MY-GROUP>

aaa accounting commands 8 default start-stop group <MY-GROUP>

aaa accounting commands 9 default start-stop group <MY-GROUP>

aaa accounting commands 10 default start-stop group <MY-GROUP>

aaa accounting commands 11 default start-stop group <MY-GROUP>

aaa accounting commands 12 default start-stop group <MY-GROUP>

aaa accounting commands 13 default start-stop group <MY-GROUP>

aaa accounting commands 14 default start-stop group <MY-GROUP>

aaa accounting commands 15 default start-stop group <MY-GROUP>

aaa accounting connection default start-stop group <MY-GROUP>

aaa accounting system default start-stop group <MY-GROUP>

aaa session-id common

Since i added another Member to the Stack, i'm facing the following problem:

When i login with my tacacs user account, i will not be asked for the password.

The same thing is for the tacacs account of my colleague, after entering the username he is logged in.

It seems for me, that the passwords are cached only for this Switch.

Is there any known bug in the ios or maybe any configuration problem?

Best regards

stefan

3 Replies 3

sbreuercc
Level 1
Level 1

solve via Tac Case.

hi,

was it a bug? i only ask as we used the same software version. cheers

no, there was a misconfiguration on the vty lines.

no software bug.

Review Cisco Networking for a $25 gift card