Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1273
Views
0
Helpful
1
Replies

Syslog AAA-3 error

smithmic2
Level 1
Level 1

‎04-12-2013 11:05 AM - edited ‎03-07-2019 12:47 PM

Greetings,

Just starting to learn cisco switches and routers.

I just configured syslog and all looks good except I get an error on my 2 3130s whenever I log in,

Error is: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type tacacs+ (UNKNOWN)

Set up:

Dell M600 blade connected to the 3130's (in an M1000E chassis).

3130s are connected straight to my Cat 3750 for access to my SAN.

This a purely flat network and does not touch a domain or external network.

There is NO authentication server involved in this setup as it is a private/flat network (is aaa authentication even neccessary?).  I am wary to change anything though because this network was configured my folks much smarter than myself at this kind.  I'm merely attempting to understand and reverse engineer as I learn.  Thanks for your help.

Current configuration : 7337 bytes

!

version 15.0

no service pad

service tcp-keepalives-in

service timestamps debug uptime

service timestamps log datetime localtime

service password-encryption

!

hostname iSCSI_B1

!

boot-start-marker

boot-end-marker

!

no logging console

!

username xxx.xxx privilege 15 password 7 xxxxx

!

aaa new-model

!

!

aaa authentication login default group tacacs+ local

aaa authentication login Console_auth group tacacs+ local

aaa authentication login Line_auth group tacacs+ local

aaa authorization exec default group tacacs+ local if-authenticated

aaa accounting exec default start-stop group tacacs+

!

!

aaa session-id common

switch 1 provision ws-cbs3130x-s-f

system mtu routing 1500

!

!

no ip domain-lookup

!

!

crypto pki trustpoint TP-self-signed-xxxx

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-xxxx

revocation-check none

rsakeypair TP-self-signed-xxxx

!

!

crypto pki certificate chain TP-self-signed-xxxx

certificate self-signed 01

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

vlan internal allocation policy ascending

!

ip ssh time-out 60

ip ssh version 2

!

!

interface Port-channel10

switchport trunk native vlan 20

switchport mode trunk

!

interface FastEthernet0

no ip address

!

interface GigabitEthernet1/0/1

switchport access vlan 20

switchport mode access

!

---THROUGH---

!

interface GigabitEthernet1/0/24

switchport access vlan 20

switchport mode access

!

interface TenGigabitEthernet1/0/1

!

interface TenGigabitEthernet1/0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan20

ip address xxx.xxx.xxx.xxx 255.255.255.0

!

ip http server

ip http secure-server

!

logging xxx.xxx.xxx.xxx

logging xxx.xxx.xxx.xxx

access-list 3 permit xxx.xxx.xxx.xxx log

access-list 3 permit xxx.xxx.xxx.xxx log

cdp timer 50

cdp holdtime 120

!

!

line con 0

password 7 xxxx

line vty 0 4

password 7 xxxx

length 0

transport input ssh

line vty 5 15

password 7 xxxx

transport input ssh

!

end

Labels:
0 Helpful
1 Reply 1

smithmic2
Level 1
Level 1

‎04-12-2013 12:33 PM

I've got it.  Network guys did plugin the aaa lines as part of a default config.  I do not need them for my network.

Although did learn some stuff negotiating through the aaa config parameters.

Cheers.

0 Helpful
Customers Also Viewed These Support Documents