Here is my Switch configuration related to AAA:

aaa new-model
!
aaa authentication login default group tacacs+ local
aaa authentication login console none
aaa authorization exec default group tacacs+ none
!
aaa session-id common
!
username admin password 0 admin
!
!
no ip http server
no ip http secure-server
!
tacacs-server host 192.168.32.129 key ummer123
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login authentication console

After debug aaa authentication and debug tacacs authentication I got these messages on the switch:

Mar 1 00:52:45.867: AAA/BIND(0000000F): Bind i/f
*Mar 1 00:52:45.871: AAA/AUTHEN/LOGIN (0000000F): Pick method list 'default'
*Mar 1 00:52:45.879: TPLUS: Queuing AAA Authentication request 15 for processing
*Mar 1 00:52:45.883: TPLUS: processing authentication start request id 15
*Mar 1 00:52:45.883: TPLUS: Authentication start packet created for 15()
*Mar 1 00:52:45.887: TPLUS: Using server 192.168.32.129
*Mar 1 00:52:45.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: Started 5 sec timeout
R1#end
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: timed out
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: timed out, clean up
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/64565BE4: Processing the reply packet

I think my requests are not going to the Tacacs server, whereas ping is successful to that server from the switch. What could be the issue?
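An added example, not part of the original post: a Python sketch that groups the TPLUS debug lines above by session id and reports the state in which each request timed out. The sample input is taken from the poster's debug output, the function names are hypothetical, and the reading that a request which never leaves NB_WAIT got no answer on the TACACS+ TCP port (49), something a successful ICMP ping does not rule out, is an assumption.

```python
import re

# Sample input: the TPLUS lines from the debug output quoted in the post.
SAMPLE = """\
*Mar 1 00:52:45.883: TPLUS: processing authentication start request id 15
*Mar 1 00:52:45.887: TPLUS: Using server 192.168.32.129
*Mar 1 00:52:45.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: Started 5 sec timeout
R1#end
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: timed out
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/NB_WAIT/64565BE4: timed out, clean up
*Mar 1 00:52:50.891: TPLUS(0000000F)/0/64565BE4: Processing the reply packet
"""

# "TPLUS(<session>)/<n>/<STATE>/<handle>: <message>"; STATE is absent on some lines.
SESSION_RE = re.compile(
    r"TPLUS\((?P<sid>[0-9A-F]+)\)/\d+/(?:(?P<state>[A-Z_]+)/)?[0-9A-F]+: (?P<msg>.*)$")
SERVER_RE = re.compile(r"TPLUS: Using server (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def summarize(debug_text):
    """Return {session_id: {"server", "states", "timed_out_in"}} per TPLUS session."""
    sessions, server = {}, None
    for line in debug_text.splitlines():
        m = SERVER_RE.search(line)
        if m:
            server = m.group("ip")      # applies to the session lines that follow
            continue
        m = SESSION_RE.search(line)
        if not m:
            continue                    # prompts ("R1#end") and non-session lines
        s = sessions.setdefault(
            m.group("sid"), {"server": server, "states": [], "timed_out_in": None})
        state = m.group("state")
        if state and state not in s["states"]:
            s["states"].append(state)
        if m.group("msg").startswith("timed out") and s["timed_out_in"] is None:
            s["timed_out_in"] = state   # state the session was in when the timer fired
    return sessions

def stalled_in_first_state(sessions):
    """Session ids that timed out without ever leaving their first logged state."""
    return [sid for sid, s in sessions.items()
            if s["timed_out_in"] and s["states"] == [s["timed_out_in"]]]

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, "server", s["server"], "timed out in", s["timed_out_in"],
              "states seen:", s["states"])
```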
Thanks for your time and help. I want to ask something: does a Tacacs+ server run on Windows 7? I used this equipment for the basic scenario:

Win 7 - Tacacs+ Server (CiscoSecure ACS 4.2)
Win XP - a user
Catalyst 3550 Switch

I made a simple setup, making my laptop (Win 7) the Tacacs+ server and connecting it to the switch Ethernet port. Then I connected another (Win XP) laptop of the same IP class to the switch. Both laptops could ping each other via the switch. Now I gave these commands on the switch:

aaa new-model
tacacs-server host 172.16.11.15 key ummer123
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa authorization config-commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
user admin password admin
aaa authentication login console none
Line console 0
login authentication console

I was told to implement the above commands as I am new to this. Now when I telnet to my switch from the (Win XP) laptop, it asks for a username and password. But it only accepts admin admin as user and pass respectively. I created users in the Tacacs+ server but I don't think it is communicating. What could be the fault? Are my commands correct? Please reply! Thanks.