02-21-2008 06:18 AM - edited 03-03-2019 08:48 PM
Hi,
After changing our config from normal to vrf lite , my taccas is not working, I had same isssue with ntp but assign the config with vrf as below, "2ntp server vrf lite7200 10.190.2.1" and
its start working,Please see my config below for TACCAS,i am not sure whrere I can assign it to vrf.
""aaa authentication login default group tacacs+ line
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated none
aaa accounting suppress null-username
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa session-id common
ip subnet-zero
tacacs-server host 10.1.1.1 single-connection
tacacs-server directed-request ""
----------------
ping vrf lite7200 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
W2-7204VRF-1#ping 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Regards,
02-21-2008 07:17 AM
Try this
Router (config)# aaa group server tacacs+ default
Router (config-sg-tacacs+)# server-private
Router (config-sg-tacacs+)# ip vrf forwarding cisco
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123newft/123t/123t_7/gt_pvt.htm
HTH
Narayan
02-21-2008 07:51 AM
Hi,
Thanks for your response, just not sure about the following command,Do I need this in my config?
Router (config-sg-tacacs+)# server-private
Cos I already have the following commands in my config.
"# tacacs-server host 1.1.1.1
#tacacs-server key test123"
Regards,
02-21-2008 08:06 AM
I dont think it is needed
If it does not work, then configuring it would not hurt :-)
Narayan
02-22-2008 09:22 AM
Hi,
I am still unable to add vrf to tacacs,
Router(config-sg-tacacs+)#?
TACACS+ Server-group commands:
default Set a command to its defaults
exit Exit from TACACS+ server-group confguration mode
no Negate a command or set its defaults
server Specify a TACACS server
Router(config-sg-tacacs+)#Router(config-sg-tacacs+)#ip vrf ?
% Unrecognized command
=-----
I am running IOS
c7200-js-mz.123-23.bin
Regards,
02-22-2008 01:00 PM
As per the feature navigator, the IOS supports per VRF AAA
YOu might need the ip tacacs source-interface
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t13/feature/guide/ftvrfaaa.html
Narayan
02-23-2008 04:59 AM
Hi,
The following command is already configured but I cannot add #ip vrf # command some how, any idea?
#ip tacacs source-interface loopback0#
Regards,
02-25-2008 05:34 AM
Hi ,
I have upgrade my IOS from 12.2 to 12.3 as below but still unable to add ip vrf forwarding command under " aaa group server tacacs+ tacacs1"
Please can anyone shed a light on this issue?
--------
Router(config-sg-tacacs+)#?
TACACS+ Server-group commands:
default Set a command to its defaults
exit Exit from TACACS+ server-group confguration mode
no Negate a command or set its defaults
server Specify a TACACS server
Cisco Internetwork Operating System Software
IOS (tm) 7200 Software (C7200-JS-M), Version 12.3(25), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2008 by cisco Systems, Inc.
Compiled Tue 29-Jan-08 00:17 by alnguyen
ROM: System Bootstrap, Version 12.2(8r)B, RELEASE SOFTWARE (fc1)
BOOTLDR: 7200 Software (C7200-JS-M), Version 12.2(14)S, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1)
Router uptime is 0 minutes
System returned to ROM by reload at 15:23:43 UTC Sat Dec 18 2004
System image file is "disk2:c7200-js-mz.123-25.bin"
02-25-2008 05:56 AM
HI Rafiq,
I hope the below link will help you:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gt_laas.html
Pls Rate if Helps
Best Regards,
Guru Prasad R
02-25-2008 06:48 AM
I have upgrade the image to 12.3 (14T), and its working now.
Thanks for all the people who respose to this mail.
Regards,
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: