Cannot authenticate via TACACS

Dear Netpros,

I am giving these commands on 6506 CatOS:

'set tacacs server 10.10.10.10 primary'

'set tacacs directedrequest enable'

'set tacacs key cisco'

'set tacacs timeout 10'

I cannot authenticate by the TACACS server. Is there anything I should add/remove from the config? I can ping the TACACS server from this switch. Any inputs?

TIA

2 Accepted Solutions


Richard Burts
Hall of Fame

Mohammed

There might be several issues. The first thing that I would suggest is to look at the TACACS server, look in its logs and reports and verify if it sees the authentication request come in. If it sees the request come in, then how does it respond? Probably it is rejecting the request, and if so why? The answer is probably in the server logs and reports.

In my experience the most common issues in situations such as you describe are either the source address in the request from the Catalyst is not the address configured on the server, or the TACACS key configured on the switch is not the same as the key configured on the server.

Check the server and let us know what you find.

HTH

Rick


glen.grant
VIP Alumni

Do you have these in your config?

set authentication login tacacs enable telnet primary

set authentication enable tacacs enable telnet primary

Hi Guys,

I have checked the logs and found this error:

"27/02/2007,17:18:50,Unknown NAS,,,,,,,,10.x.x.100"

Anything else I need to do on the ACS server?

Thanks

Thanks guys,

I just realized that there was a duplicate entry for that switch on the ACS server under network configuration. As soon as I edited the duplicate entry, the switch started to authenticate from the ACS server.

Regards

Faiz
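
The check this thread converged on, as an added example that is not part of the original posts or of any Cisco tool: it reads failed-attempt lines in the layout of the one quoted above, collects the "Unknown NAS" sources, and compares them with the server's client list to separate a missing entry from a duplicate one. The field positions are inferred from that single quoted line, and the client list format, addresses and function names are assumptions constructed for illustration.

```python
import csv
from collections import Counter

# Constructed sample in the layout of the log line quoted in the thread:
# date,time,message,...,NAS address (last field). Addresses are examples.
FAILED_ATTEMPTS = """\
27/02/2007,17:18:50,Unknown NAS,,,,,,,,192.0.2.100
27/02/2007,17:19:05,Unknown NAS,,,,,,,,192.0.2.100
27/02/2007,17:20:11,Unknown NAS,,,,,,,,192.0.2.77
27/02/2007,17:21:40,Authentication failed,,,,,,,,192.0.2.20
"""

# Constructed AAA client list (name, address), as an export of the server's
# network configuration might look; this format is an assumption.
AAA_CLIENTS = [
    ("core-sw1", "192.0.2.20"),
    ("dist-sw2", "192.0.2.100"),
    ("dist-sw2-old", "192.0.2.100"),
]


def unknown_nas_sources(log_text):
    """Count 'Unknown NAS' rejections per source address."""
    hits = Counter()
    for row in csv.reader(log_text.splitlines()):
        if len(row) >= 4 and row[2].strip() == "Unknown NAS":
            hits[row[-1].strip()] += 1
    return hits


def classify(log_text, clients):
    """Map each rejected source address to the likely configuration fault."""
    names_by_ip = {}
    for name, ip in clients:
        names_by_ip.setdefault(ip, []).append(name)
    findings = {}
    for ip in unknown_nas_sources(log_text):
        names = names_by_ip.get(ip, [])
        if not names:
            findings[ip] = "no client entry for this source address"
        elif len(names) > 1:
            findings[ip] = "duplicate entries: " + ", ".join(names)
        else:
            findings[ip] = "single entry: check key and entry settings"
    return findings


if __name__ == "__main__":
    for ip, finding in classify(FAILED_ATTEMPTS, AAA_CLIENTS).items():
        print(ip, "->", finding)
```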
