AAA configuration on CAT 3750

idesofmarch
Level 1

Every time I enter the following AAA commands, my switch locks up.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization console

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default stop-only group tacacs+

aaa session-id common

1 Accepted Solution

Your current session may indeed lock up if you were logged in via a local account that doesn't have an entry in TACACS, or just via the line password. First enable only authentication via TACACS, then log in again using a TACACS account, then add authorization.

8 Replies

scottosan
Level 1

Do you have the TACACS server set up and responding? I don't see anything in the config displaying the TACACS server information.

As soon as you paste the config in, you can no longer enter commands without the tacacs server permitting you to do so.

Yes, the TACACS server is up and running. I just did the same commands to my router and had no issues.

Is the tacacs-server host x.x.x.x anywhere on the switch?

Yes, here is my switch config.

Your current session may indeed lock up if you were logged in via a local account that doesn't have an entry in TACACS, or just via the line password. First enable only authentication via TACACS, then log in again using a TACACS account, then add authorization.

Please see my switch config I posted.

Do you have any other switches you can try the config on?

'tacacs-server directed-request' is generally considered to be a security risk and you shouldn't include it unless really necessary. Otherwise your config looks fine. Just apply the AAA config in the sequence I mentioned and enable authentication also on the console.
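
Added example (not part of the thread and not Cisco's code): a small Python helper that splits a pasted AAA block into the batches the accepted answer describes (authentication first, authorization only after logging in again, accounting last) and flags the points raised in the replies. The function name `stage_aaa`, the stage labels, the warning codes and the sample config are constructed for illustration, and only the legacy `tacacs-server host` form shown in the thread is recognised.

```python
import re

# Constructed sample: a subset of the AAA lines from the question plus the
# directed-request line named in the last reply; no server line, on purpose.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization console
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
aaa session-id common
tacacs-server directed-request
"""

def stage_aaa(config):
    """Split AAA lines into ordered paste batches and list lockout warnings."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    stages = {"1-authentication": [], "2-authorization": [], "3-accounting": []}
    for line in lines:
        if line.startswith("aaa authorization"):
            stages["2-authorization"].append(line)
        elif line.startswith("aaa accounting"):
            stages["3-accounting"].append(line)
        elif line.startswith("aaa "):
            stages["1-authentication"].append(line)  # new-model, login, session-id
    warnings = []
    # Only the legacy 'tacacs-server host' form used in the thread is recognised.
    if any("group tacacs+" in l for l in lines) and not any(
            re.match(r"tacacs-server host \S+", l) for l in lines):
        warnings.append("NO_SERVER: method lists use tacacs+ but no server is defined")
    if stages["2-authorization"]:
        warnings.append("RELOGIN: log in with a TACACS account before pasting stage 2")
    if "aaa authorization console" in lines:
        warnings.append("CONSOLE: authorization also applies to the console line")
    if "tacacs-server directed-request" in lines:
        warnings.append("DIRECTED_REQUEST: flagged in the thread as a security risk")
    return stages, warnings

if __name__ == "__main__":
    stages, warnings = stage_aaa(SAMPLE)
    for name, batch in stages.items():
        print(f"--- paste batch {name} ---", *batch, sep="\n")
    print(*warnings, sep="\n")
```

Run it against the candidate config before touching the switch, and keep the existing session open while testing the TACACS login from a second one.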
