Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
711
Views
9
Helpful
9
Replies

TACCAS issue

mohammedrafiq
Level 1
Level 1

‎02-21-2008 06:18 AM - edited ‎03-03-2019 08:48 PM

Hi,

After changing our config from normal to vrf lite , my taccas is not working, I had same isssue with ntp but assign the config with vrf as below, "2ntp server vrf lite7200 10.190.2.1" and

its start working,Please see my config below for TACCAS,i am not sure whrere I can assign it to vrf.

""aaa authentication login default group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated none

aaa accounting suppress null-username

aaa accounting exec default stop-only group tacacs+

aaa accounting commands 15 default stop-only group tacacs+

aaa session-id common

ip subnet-zero

tacacs-server host 10.1.1.1 single-connection

tacacs-server directed-request ""

----------------

ping vrf lite7200 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

W2-7204VRF-1#ping 10.1.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

Regards,

Labels:
0 Helpful
9 Replies 9

royalblues
Level 10
Level 10

‎02-21-2008 07:17 AM

Try this

Router (config)# aaa group server tacacs+ default

Router (config-sg-tacacs+)# server-private port 19 key

Router (config-sg-tacacs+)# ip vrf forwarding cisco

http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gt_pvt.htm

HTH

Narayan

0 Helpful

mohammedrafiq
Level 1
Level 1
In response to royalblues

‎02-21-2008 07:51 AM

Hi,

Thanks for your response, just not sure about the following command,Do I need this in my config?

Router (config-sg-tacacs+)# server-private port 19 key

Cos I already have the following commands in my config.

"# tacacs-server host 1.1.1.1

#tacacs-server key test123"

Regards,

0 Helpful

royalblues
Level 10
Level 10
In response to mohammedrafiq

‎02-21-2008 08:06 AM

I dont think it is needed

If it does not work, then configuring it would not hurt :-)

Narayan

mohammedrafiq
Level 1
Level 1
In response to royalblues

‎02-22-2008 09:22 AM

Hi,

I am still unable to add vrf to tacacs,

Router(config-sg-tacacs+)#?

TACACS+ Server-group commands:

default Set a command to its defaults

exit Exit from TACACS+ server-group confguration mode

no Negate a command or set its defaults

server Specify a TACACS server

Router(config-sg-tacacs+)#Router(config-sg-tacacs+)#ip vrf ?

% Unrecognized command

=-----

I am running IOS

c7200-js-mz.123-23.bin

Regards,

0 Helpful

royalblues
Level 10
Level 10
In response to mohammedrafiq

‎02-22-2008 01:00 PM

As per the feature navigator, the IOS supports per VRF AAA

YOu might need the ip tacacs source-interface command as per your configuration. Also can you try adding the server-private command to the config to see whether it helps?

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrfaaa.html

Narayan

0 Helpful

mohammedrafiq
Level 1
Level 1
In response to royalblues

‎02-23-2008 04:59 AM

Hi,

The following command is already configured but I cannot add #ip vrf # command some how, any idea?

#ip tacacs source-interface loopback0#

Regards,

0 Helpful

mohammedrafiq
Level 1
Level 1
In response to mohammedrafiq

‎02-25-2008 05:34 AM

Hi ,

I have upgrade my IOS from 12.2 to 12.3 as below but still unable to add ip vrf forwarding command under " aaa group server tacacs+ tacacs1"

Please can anyone shed a light on this issue?

--------

Router(config-sg-tacacs+)#?

TACACS+ Server-group commands:

default Set a command to its defaults

exit Exit from TACACS+ server-group confguration mode

no Negate a command or set its defaults

server Specify a TACACS server

Cisco Internetwork Operating System Software

IOS (tm) 7200 Software (C7200-JS-M), Version 12.3(25), RELEASE SOFTWARE (fc1)

Copyright (c) 1986-2008 by cisco Systems, Inc.

Compiled Tue 29-Jan-08 00:17 by alnguyen

ROM: System Bootstrap, Version 12.2(8r)B, RELEASE SOFTWARE (fc1)

BOOTLDR: 7200 Software (C7200-JS-M), Version 12.2(14)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)

Router uptime is 0 minutes

System returned to ROM by reload at 15:23:43 UTC Sat Dec 18 2004

System image file is "disk2:c7200-js-mz.123-25.bin"

0 Helpful

guruprasadr
Level 7
Level 7
In response to mohammedrafiq

‎02-25-2008 05:56 AM

HI Rafiq,

I hope the below link will help you:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_laas.html

Pls Rate if Helps

Best Regards,

Guru Prasad R

mohammedrafiq
Level 1
Level 1
In response to guruprasadr

‎02-25-2008 06:48 AM

I have upgrade the image to 12.3 (14T), and its working now.

Thanks for all the people who respose to this mail.

Regards,

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card