04-12-2013 11:05 AM - edited 03-07-2019 12:47 PM
Greetings,
Just starting to learn Cisco switches and routers.
I just configured syslog and all looks good except I get an error on my 2 3130s whenever I log in,
Error is: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type tacacs+ (UNKNOWN)
Set up:
Dell M600 blade connected to the 3130's (in an M1000E chassis).
3130s are connected straight to my Cat 3750 for access to my SAN.
This is a purely flat network and does not touch a domain or external network.
There is NO authentication server involved in this setup as it is a private/flat network (is aaa authentication even necessary?). I am wary to change anything though because this network was configured by folks much smarter than myself at this kind. I'm merely attempting to understand and reverse engineer as I learn. Thanks for your help.
Current configuration : 7337 bytes
!
version 15.0
no service pad
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log datetime localtime
service password-encryption
!
hostname iSCSI_B1
!
boot-start-marker
boot-end-marker
!
no logging console
!
username xxx.xxx privilege 15 password 7 xxxxx
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication login Console_auth group tacacs+ local
aaa authentication login Line_auth group tacacs+ local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
!
!
aaa session-id common
switch 1 provision ws-cbs3130x-s-f
system mtu routing 1500
!
!
no ip domain-lookup
!
!
crypto pki trustpoint TP-self-signed-xxxx
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-xxxx
 revocation-check none
 rsakeypair TP-self-signed-xxxx
!
!
crypto pki certificate chain TP-self-signed-xxxx
 certificate self-signed 01
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
!
!
interface Port-channel10
 switchport trunk native vlan 20
 switchport mode trunk
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport access vlan 20
 switchport mode access
!
---THROUGH---
!
interface GigabitEthernet1/0/24
 switchport access vlan 20
 switchport mode access
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address xxx.xxx.xxx.xxx 255.255.255.0
!
ip http server
ip http secure-server
!
logging xxx.xxx.xxx.xxx
logging xxx.xxx.xxx.xxx
access-list 3 permit xxx.xxx.xxx.xxx log
access-list 3 permit xxx.xxx.xxx.xxx log
cdp timer 50
cdp holdtime 120
!
!
line con 0
 password 7 xxxx
line vty 0 4
 password 7 xxxx
 length 0
 transport input ssh
line vty 5 15
 password 7 xxxx
 transport input ssh
!
end
04-12-2013 12:33 PM
I've got it. Network guys did plug in the aaa lines as part of a default config. I do not need them for my network.
Although I did learn some stuff negotiating through the aaa config parameters.
Cheers.
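A check for the condition in this thread, added here as an example and not posted by anyone in the thread: it flags AAA method lists that reference group tacacs+ while the config defines no TACACS+ server, and named login lists that no line applies. The function name audit_aaa and the sample excerpt are assumptions made for illustration; the excerpt is constructed from the config above.

```python
import re

# Constructed excerpt modelled on the config posted in this thread.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authentication login Console_auth group tacacs+ local
aaa authentication login Line_auth group tacacs+ local
aaa authorization exec default group tacacs+ local if-authenticated
aaa accounting exec default start-stop group tacacs+
line con 0
 password 7 xxxx
line vty 0 4
 password 7 xxxx
 transport input ssh
"""

# aaa <kind> <service> <list-name> <methods...>
AAA_LIST = re.compile(r"^aaa (authentication|authorization|accounting) (\S+) (\S+) (.+)$")
# Legacy ("tacacs-server host") and newer ("tacacs server") server definitions.
TACACS_SERVER = re.compile(r"^(tacacs-server host|tacacs server) \S+")
# Line sub-command that binds a named login list to con/vty lines.
LINE_BINDING = re.compile(r"^login authentication (\S+)")


def audit_aaa(config: str) -> dict:
    """Return AAA lists that point at TACACS+ with no server, and unused login lists."""
    lines = [raw.strip() for raw in config.splitlines()]
    has_server = any(TACACS_SERVER.match(l) for l in lines)
    applied = {m.group(1) for l in lines if (m := LINE_BINDING.match(l))}
    orphaned, unused = [], []
    for l in lines:
        m = AAA_LIST.match(l)
        if not m:
            continue
        kind, service, name, methods = m.groups()
        if "group tacacs+" in methods and not has_server:
            orphaned.append(f"{kind} {service} {name}")
        if (kind, service) == ("authentication", "login") and name != "default" and name not in applied:
            unused.append(name)
    return {"orphaned": orphaned, "unused": unused}


if __name__ == "__main__":
    for finding, items in audit_aaa(SAMPLE_CONFIG).items():
        print(finding, items)
```

On the sample, all five method lists are reported as orphaned and both Console_auth and Line_auth as unused, since neither line block carries a login authentication command.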