Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1117
Views
20
Helpful
6
Replies

IE 3300 TACACS connection not working with code 16.12.03

Go to solution
r1127hyduk
Level 4
Level 4

‎02-23-2022 04:51 PM

 

Seeking IE 3300 TACACS sample configuration - for code 16.12.03

Question - Are there any new requirements for TACACS configuration with this code version noted above (16.12.03)?  We have zero issues with devices running 15.2.7 IOS

 

Current configuration for new IE 3000 models are not working for TACACS 'access' with ISE server 2.7.

 

All tacacs commands are accepted in the IE 3300 code version.  Sample notations listed below....

 

AAA

aaa authentication login default local group tacacs+
aaa authorization exec default local group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+

 

IP domain-name whatever

ip tacacs source-interface Vlan100

tacacs-server host x.x.x.x
tacacs-server host x.x.x.x
tacacs-server key cannotconnect

 

Solution works with all previous switch versions except new IE3300-8ts2 models that have code version 16.12.03.

 

ISE configuration has tac key and name / ip address of new devices. 500 plus devices work fine.  New IE 3300 devices do not sync with TACACS server.  Looking for any suggestions for device/IOS version noted here.  Thanks for reviews in advance!

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎02-23-2022 06:21 PM

Please do not use 16.12.X.  

Use 17.3.X but avoid 16.12.X.

View solution in original post

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP

‎02-24-2022 06:34 AM

Hello,

 

could be related to 'tacacs-server' being a deprecated command. Try the new syntax:

 

tacacs server
address ipv4 x.x.x.x
key X

View solution in original post

6 Replies 6

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎02-23-2022 05:05 PM

if you looking to use Group of TACACS servers  then Local try below :

 

aaa authentication login default group tacacs+ local

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame

‎02-23-2022 06:21 PM

Please do not use 16.12.X.  

Use 17.3.X but avoid 16.12.X.

0 Helpful

Go to solution
r1127hyduk
Level 4
Level 4
In response to Leo Laohoo

‎02-24-2022 05:47 AM

Hello Leo,
Do you recommend a specific 17.3.x version for the IE3300?

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to r1127hyduk

‎02-24-2022 06:20 AM

we have working environment 16.12.X version they are ok (again depends on requirement) . if you looking to upgrade, Look for  17.3.3 or 4 should be good.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to r1127hyduk

‎02-24-2022 05:58 PM

@r1127hyduk wrote:
Hello Leo,
Do you recommend a specific 17.3.x version for the IE3300?

17.3.4 or 17.3.5. 

Our fleet is on 17.3.4 and we have not encountered any problems.   

Go to solution
Georg Pauwen
VIP
VIP

‎02-24-2022 06:34 AM

Hello,

 

could be related to 'tacacs-server' being a deprecated command. Try the new syntax:

 

tacacs server
address ipv4 x.x.x.x
key X

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card