Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1942
Views
1
Helpful
3
Replies

IOS-XE 4500X TACACS Config

Steven Williams
Level 4
Level 4

‎03-03-2016 12:35 PM - edited ‎03-08-2019 04:49 AM

IOS-XE Software, Catalyst 4500 L3 Switch  Software (cat4500e-UNIVERSALK9-M), Version 03.07.00.E RELEASE SOFTWARE (fc4)

Following this guide which doesn't line up to what I am seeing in the CLI:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/XE3-7-0E/15-23E/configuration/guide/xe-370-configuration/supcfg.html#pgfId-1138705

Switch is accessed on 10.0.0.1/24 (VLAN10) which belongs to vrf 1

ISE is accessed on 10.0.20.60/24 (VLAN20) which belongs to vrf 2

Say within the aaa group server config I am specifying ip vrf 1 and tacacs source interface as vlan 10.

!
tacacs server TACACS
address ipv4 10.20.0.60
key 7 XXXXXXXX

4500X-01(config)#aaa group server tacacs+ TACACS
4500X-01(config)#
Mar 3 14:29:52: TPLUS(00003E83)/0/IDLE/5DC0C420: errno 265 with socket 0 try another server
Mar 3 14:29:52: TPLUS: Invalid Client information received as input
4500X-01(config)#
Mar 3 14:29:52: %AAAA-3-ILLSGNAME: Illegal server-group name TACACS (type tacacs+).

Also more issues:

Mar 3 14:30:11: TPLUS(00003E83)/0/IDLE/5DB7E858: errno 265 with socket 0 try another server
Mar 3 14:30:11: TPLUS: Invalid Client information received as input
Mar 3 14:30:11: TPLUS(00003E83)/0/IDLE/5DB7E858: errno 265 with socket 0 try another server
Mar 3 14:30:11: TPLUS: Invalid Client information received as input
Mar 3 14:30:14: TPLUS(00003E8D)/0/IDLE/5F3724A0: errno 265 with socket 0 try another server
Mar 3 14:30:14: TPLUS: Invalid Client information received as input
Mar 3 14:30:14: TPLUS(00003E8D) login timer stopped
Mar 3 14:30:15: TPLUS(00003E8D)/0/IDLE/5E135EB8: errno 265 with socket 0 try another server
Mar 3 14:30:15: TPLUS: Invalid Client information received as input
Mar 3 14:30:15: TPLUS(00003E8D) login timer stopped
Mar 3 14:30:15: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
Mar 3 14:30:15: TAC+: TCP/IP open to 10.20.0.60/49 failed -- Destination unreachable; gateway or host down
Mar 3 14:30:15: TPLUS(00003E8D)/0/IDLE/5E12B318: errno 265 with socket 0 try another server
Mar 3 14:30:15: TPLUS: Invalid Client information received as input
Mar 3 14:30:15: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
Mar 3 14:30:15: TAC+: TCP/IP open to 10.20.0.60/49 failed -- Destination unreachable; gateway or host down
Mar 3 14:30:15: TPLUS(00003E8D)/0/IDLE/5F40DD58: errno 265 with socket 0 try another server
Mar 3 14:30:15: TPLUS: Invalid Client information received as input
Mar 3 14:30:15: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
Mar 3 14:30:15: TAC+: TCP/IP open to 10.20.0.60/49 failed -- Destination unreachable; gateway or host down
Mar 3 14:30:15: TPLUS(00003E8D)/0/IDLE/5E12B318: errno 265 with socket 0 try another server
Mar 3 14:30:15: TPLUS: Invalid Client information received as input
Mar 3 14:30:16: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
Mar 3 14:30:16: TAC+: TCP/IP open to 10.20.0.60/49 failed -- Destination unreachable; gateway or host down
Mar 3 14:30:16: TPLUS(00003E8D)/0/IDLE/5F40DD58: errno 265 with socket 0 try another server
Mar 3 14:30:16: TPLUS: Invalid Client information received as input
Mar 3 14:30:16: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
Mar 3 14:30:16: TAC+: TCP/IP open to 10.20.0.60/49 failed -- Destination unreachable; gateway or host down
Mar 3 14:30:16: TPLUS(00003E8D)/0/IDLE/5F40DD58: errno 265 with socket 0 try another server
Mar 3 14:30:16: TPLUS: Invalid Client information received as input
Mar 3 14:30:16: TAC+: Opening TCP/IP to 10.20.0.60/49 timeout=5
4500X-01(config)#

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-03-2016 05:31 PM

I tried this on 3.6.4E on IOS-XE, and it seemed to go ok.

I notice you are running 03.07.00.E.  That train is up to 3.7.3E.  At a minimum you should upgrade to the current version in the train you are using.

These are the release notes.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3650/software/release/3e/release_notes/rn-3dot7e-3650.html

 

0 Helpful

Steven Williams
Level 4
Level 4
In response to Philip D'Ath

‎03-04-2016 06:27 AM

Tried what? The steps in the documentation I posted?
0 Helpful

Keith Kocher
Level 1
Level 1

‎04-06-2024 10:30 AM

I had the same error messages, but your post pointed out that you could select the source vrf under the aaa group server config.  Thanks for that.  

I know you probably solved this years ago, but you should set the vrf to 2 and source-interface to vlan 20.  The vrf that the switch is accessed on is irrelevant. 

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card