02-27-2007 07:08 AM - edited 03-05-2019 02:35 PM
Dear Netpros,
I am giving these commands on 6506 CatOS :
'set tacacs server 10.10.10.10 primary'
'set tacacs directedrequest enable'
'set tacacs key cisco'
'set tacacs timeout 10'
I cannot authenticate by the TACACS server, is there anything i should add/remove from the config. I can ping the TACACS server from this switch. Any inputs.
TIA
Solved! Go to Solution.
02-27-2007 07:59 AM
Mohammed
There might be several issues. The first thing that I would suggest is to look at the TACACS server, look in its logs and reports and verify if it sees the authentication request come in. If it sees the request come in, then how does it respond. Probably it is rejecting the request, and if so why? The answer is probably in the server logs and reports.
In my experience the most common issues in situations such as you describe are either the source address in the request from the Catalyst is not the address configured on the server, or the TACACS key configured on the switch is not the same as the key configured on the server.
Check the server and let us know what you find.
HTH
Rick
02-27-2007 09:01 AM
do you have these in your config?
set authentication login tacacs enable telnet primary
set authentication enable tacacs enable telnet primary
02-27-2007 07:59 AM
Mohammed
There might be several issues. The first thing that I would suggest is to look at the TACACS server, look in its logs and reports and verify if it sees the authentication request come in. If it sees the request come in, then how does it respond. Probably it is rejecting the request, and if so why? The answer is probably in the server logs and reports.
In my experience the most common issues in situations such as you describe are either the source address in the request from the Catalyst is not the address configured on the server, or the TACACS key configured on the switch is not the same as the key configured on the server.
Check the server and let us know what you find.
HTH
Rick
02-27-2007 09:01 AM
do you have these in your config?
set authentication login tacacs enable telnet primary
set authentication enable tacacs enable telnet primary
02-27-2007 10:00 PM
Hi Guys,
I have checked the logs and found this error :
"27/02/2007,17:18:50,Unknown NAS,,,,,,,,10.x.x.100"
Anything else i need to do on the ACS server?
Thanks
02-27-2007 10:54 PM
Thanks guys,
I just realized that there was a duplicate entry for that switch on the ACS server under network configuration. As soon as i edited the duplicate entry, the switch started to authenticate from the ACS server.
Regards
Faiz
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide