Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1671
Views
0
Helpful
2
Replies

TACACS Doesn't work via Telnet/Works via Console

rkallas
Level 1
Level 1

‎04-19-2013 09:47 AM - edited ‎03-07-2019 12:55 PM

Hello,

I have a pair of OLD Cat6500's running CatOS:

WS-C6509 Software, Version NmpSW: 7.6(16)

Copyright (c) 1995-2005 by Cisco Systems

NMP S/W compiled on Dec 22 2005, 16:37:19

System Bootstrap Version: 7.1(1)

System Boot Image File is 'bootflash:cat6000-sup2k8.7-6-16.bin'

System Configuration register is 0x2

I know these are no longer supported, but I have to ready them for migration.  Recently a problem began with these switches.  What happens is that when I telnet to them, I cannot authenitcate via TACACS.  This works fine for all our other IOS equipment, just not for these 2 switches. 

The error is:" % Error in authentication"  and then I get kicked back to the login prompt.

The odd thing is that when I connect to the switch via the console port, I can authenticate fine with TACACS.

CMS> /c 14

To disconnect enter: ^X

Buffer scroll mode:

<SPACE>-Next Screen, 1-Scroll All, 2-Skip/Connect, 3-Erase/Connect ...

Buffer data skipped - Port connected.

Username: ca2l

Password:

Core-A-600> (enable

Does anyone have an idea of what may be causing this?

Thanks,

Ray

Labels:
0 Helpful
2 Replies 2

abel.ortgea
Level 1
Level 1

‎04-19-2013 10:02 AM

Hi

1.- check the TACACS group you have define for console and vty sessions is the same,
2.- In your ACS check the log when you try to connect from the 6500 we can have a better idea of what's happening
3.- check your TACACS key password match with the one you have written in your ACS
4.- you need a local user password in your 6500 it maybe was deleted




Sent from Cisco Technical Support iPad App

0 Helpful

glen.grant
VIP Alumni
VIP Alumni
In response to abel.ortgea

‎04-19-2013 10:47 AM

  The setup should look like this .  If you need tacacs on the console obviously turn that on .   

set tacacs server x.x.x.x primary

set tacacs attempts 3

set tacacs directedrequest disable

set tacacs key XXXXXXXXXXXXXXX

set tacacs timeout 3

set authentication login tacacs disable console

set authentication login tacacs enable telnet primary

set authentication login tacacs disable http

set authentication enable tacacs disable console

set authentication enable tacacs enable telnet primary

set authentication enable tacacs disable http

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card