05-11-2007 05:56 PM - edited 03-10-2019 03:09 PM
I have two 6509 switches that were in TACACS as router and switches (duplicate entries).
I removed all entries and re-entered to change the naming convention.
I used the same parameters, but just used a different name for the switches.
Now I get failed attempts using different TACACS accounts. The accounts are good, because I can get into everything else.
I did the same thing with a couple of other switches with no problem.
Where should I start looking?
Are there any logs that show the reason for the failed attempts?
05-12-2007 07:24 AM
Can you run a "debug aaa authentication" and see what it shows?
Narayan
05-12-2007 07:35 AM
Do you get any hits in ACS failed attempts? Along with "debug aaa authentication", also get "debug tacacs".
Most of the time the issue is with ip tacacs source interface.
The switch should use the IP address as source address for TACACS which is defined in ACS ---> AAA clients.
Regards,
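
The source-address check suggested in the reply above, as an added example that is not part of the original thread: it resolves the interface named by `ip tacacs source-interface` to its IP address and compares that with the AAA client entries. The configuration, the AAA client list and the function names are constructed for illustration, and IOS (not CatOS) syntax is assumed.

```python
import re

# Constructed sample IOS configuration (not taken from the thread).
SAMPLE_CONFIG = """\
hostname core-sw1
!
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface Vlan10
 ip address 10.10.10.2 255.255.255.0
!
ip tacacs source-interface Vlan10
tacacs-server host 10.20.0.5
"""

# Constructed sample of ACS AAA client entries: client name -> IP address.
ACS_AAA_CLIENTS = {"core-sw1": "10.255.0.1", "core-sw2": "10.255.0.2"}


def interface_addresses(config):
    """Map each interface name to its primary IPv4 address."""
    addrs, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface\s+(\S+)", line)
        addr = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \S+\s*$", line)
        if head:
            current = head.group(1)
        elif not line.startswith(" "):
            current = None  # left the interface block
        elif addr and current:
            addrs[current] = addr.group(1)
    return addrs


def check_tacacs_source(config, aaa_clients):
    """Return (ok, message): does the TACACS source IP match an AAA client?"""
    m = re.search(r"^ip tacacs source-interface\s+(\S+)", config, re.M)
    if not m:
        return False, "no source-interface set; source follows the egress interface"
    iface = m.group(1)
    ip = interface_addresses(config).get(iface)
    if ip is None:
        return False, f"{iface} has no IP address"
    names = [n for n, a in aaa_clients.items() if a == ip]
    if not names:
        return False, f"{iface} ({ip}) is not defined as an AAA client"
    return True, f"{iface} ({ip}) matches AAA client {names[0]}"
```

With the sample data the check fails because the switch sources TACACS traffic from Vlan10 while the AAA client entry holds the Loopback0 address.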