04-17-2018 03:06 AM - edited 03-08-2019 02:41 PM
Hi,
maybe a simple thing but I don't find a solution. Can anyone help me?
We use a Clearpass for client and switch authentication and everything worked fine, since I tried to bypass the tacacs authentication on the console port on a 3850.
If I try to log in via console, I get the error "Tacacs session has expired.Please re-login to continue." I don't understand why, since I bypass tacacs authentication on the console port. The local user exists but it looks like the switch still tries to authenticate via tacacs.
What I configured is:
aaa group server tacacs+ TAC_PLUS
 server name CPPM-LOGIN
!
aaa authentication login default group TAC_PLUS local
aaa authentication login CON0 local
aaa authentication enable default group TAC_PLUS enable
aaa authentication dot1x default group radius
aaa authorization console
aaa authorization config-commands
aaa authorization exec default local group tacacs+
aaa authorization exec CON local
aaa authorization exec VTY group TAC_PLUS local if-authenticated
aaa authorization commands 1 VTY group TAC_PLUS local if-authenticated
aaa authorization commands 15 VTY group TAC_PLUS local if-authenticated
aaa authorization network default group radius
aaa accounting exec default start-stop group TAC_PLUS
aaa accounting commands 1 default start-stop group TAC_PLUS
aaa accounting commands 15 default start-stop group TAC_PLUS
Can anybody help me?
Best regards
Christian
04-17-2018 03:27 AM
Hi there,
What does the config of line con 0 look like?
cheers,
Seb.
04-17-2018 04:17 AM - edited 04-17-2018 04:18 AM
Sorry, I forgot to post that :-).
line con 0
 password 7 ...
 authorization exec CON
 logging synchronous
 login authentication CON0
 stopbits 1
Best regards
Christian
01-27-2020 10:30 PM
Hi,
Please post the solution if you find success.
Thank you.