Cannot login to 6509 with TACACS any longer

May 11th, 2007

I have two 6509 switches that were in TACACS as router and switches (duplicate entries).

I removed all entries and re-entered to change the naming convention.

I used the same parameters, but just used a different name for the switches.

Now I get failed attempts using different TACACS accounts. The accounts are good, because I can get into everything else.

I did the same thing with a couple of other switches with no problem.

Where should I start looking?

Are there any logs that show the reason for the failed attempts?

royalblues Sat, 05/12/2007 - 07:24

Can you run a "debug aaa authentication" and see what it shows?


Jagdeep Gambhir Sat, 05/12/2007 - 07:35

Do you get any hits in ACS failed attempts? Along with "debug aaa authentication", also get "debug tacacs".

Most of the time the issue is with the ip tacacs source interface.

The switch should use, as the source address for TACACS, the IP address which is defined in ACS ---> AAA clients.
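
As an added illustration of the last reply (not code from the thread or from Cisco): a Python check that reads an IOS-style running-config, resolves the interface named by `ip tacacs source-interface`, and compares its address with the ACS AAA client list. The config excerpt, client names and addresses are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: IOS-style running-config excerpt (documentation address ranges).
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.0.2.10 255.255.255.255
!
interface Vlan10
 ip address 198.51.100.1 255.255.255.0
!
ip tacacs source-interface Vlan10
tacacs-server host 203.0.113.5
"""

# Constructed sample: AAA client entries as defined on the ACS side (name -> IP).
ACS_AAA_CLIENTS = {"core-6509-a": "192.0.2.10", "core-6509-b": "192.0.2.11"}


def interface_addresses(config):
    """Map interface name -> primary IPv4 address from 'interface' stanzas."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        # Primary address only: 'secondary', 'dhcp' and 'no ip address' do not match.
        m = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
        if m and current:
            addrs[current] = ipaddress.ip_address(m.group(1))
        elif not line.startswith(" "):
            current = None  # left the interface stanza
    return addrs


def check_tacacs_source(config, aaa_clients):
    """Return (status, detail) for the TACACS source address versus the ACS client list."""
    m = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    if not m:
        # Source address then follows the egress interface, so it can change with routing.
        return ("unpinned", None)
    src = interface_addresses(config).get(m.group(1))
    if src is None:
        return ("no-address", m.group(1))
    known = {ipaddress.ip_address(ip) for ip in aaa_clients.values()}
    return ("match" if src in known else "mismatch", str(src))


if __name__ == "__main__":
    print(check_tacacs_source(SAMPLE_CONFIG, ACS_AAA_CLIENTS))
```

A "mismatch" result means the server sees requests from an address it has no AAA client entry for, so it rejects them regardless of which user account is tried.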


