Cannot login to 6509 with TACACS any longer

Unanswered Question
May 11th, 2007

I have two 6509 switches that were in TACACS as router and switches (duplicate entries).

I removed all entries and re-entered to change the naming convention.

I used the same parameters, but just used a different name for the switches.

Now I get failed attempts using different TACACS accounts. The accounts are good, because I can get into everything else.

I did the same thing with a couple of other switches with no problem.

Where should I start looking?

Are there any logs that show the reason for the failed attempts?

royalblues Sat, 05/12/2007 - 07:24

Can you run a debug aaa authentication and see what it shows?

Narayan

Jagdeep Gambhir Sat, 05/12/2007 - 07:35

Do you get any hits in ACS failed attempts? Along with "debug aaa authentication" also get "debug tacacs".

Most of the time the issue is with ip tacacs source interface.

The switch should use as its TACACS source address the IP address which is defined in ACS -> AAA clients.

Regards,
