TACACS Config Problem

Answered Question
Apr 1st, 2008
User Badges:
  • Gold, 750 points or more

Hello Experts,


My CISCO Router 1700 Series. IOS Software version: 12.3(11)T2


I am doing the TACACS Config on my Router but it doesn't work.


I am providing my TACACS Config for Ref only:


tacacs-server host x.x.x.x

tacacs-server host x.x.x.x

tacacs-server host x.x.x.x

tacacs-server directed-request

tacacs-server key cisconet

ip tacacs source-interface Loopback1



line vty 0 4

password cisco

login authentication vty


enable secret cisco

enable password cisco123

username cisco password 0 cisco


aaa new-model

aaa authentication login vty group tacacs+ local

aaa authentication login conuser local

aaa authorization commands 15 default group tacacs+ local

aaa accounting commands 15 default start-stop group tacacs+

aaa session-id common


The Question is:

=================

In this Router Model for the IOS Version mentioned above, under LINE VTY 0 4 the command "login authentication vty" is not supporting. Neverthless, it allows only:

413200(config-line)#login ?

local Local password checking

tacacs Use tacacs server for password checking


If i add, the "login tacacs" i lose my connectivity and TACACS doesn't work.


Can some one provide some Solution for the same. Thanks in Advance for your Help


Best Regards,


Guru Prasad R

Correct Answer by mohammedmahmoud about 9 years 3 months ago

Hi Guru,


After enabling "aaa new-model" the login command under the VTY will differ, make sure to enable "aaa new-model" first, it is a matter of order.


Before:


Router(config-line)#login ?

local Local password checking

tacacs Use tacacs server for password checking



After:


Router(config-line)#login ?

authentication Authentication parameters.

ctrlc-disable Disable CONTROL-C during login.




BR,

Mohammed Mahmoud.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
mohammedmahmoud Tue, 04/01/2008 - 04:50
User Badges:
  • Green, 3000 points or more

Hi Guru,


After enabling "aaa new-model" the login command under the VTY will differ, make sure to enable "aaa new-model" first, it is a matter of order.


Before:


Router(config-line)#login ?

local Local password checking

tacacs Use tacacs server for password checking



After:


Router(config-line)#login ?

authentication Authentication parameters.

ctrlc-disable Disable CONTROL-C during login.




BR,

Mohammed Mahmoud.

guruprasadr Tue, 04/01/2008 - 05:55
User Badges:
  • Gold, 750 points or more

Dear Mohammed,


Thanks for your great help in all the way.


Have Rated your POST. All my TACACS Config working very well.


Best Regards,


Guru Prasad R

mohammedmahmoud Tue, 04/01/2008 - 06:22
User Badges:
  • Green, 3000 points or more

Dear Guru,


You are very welcomed, and thank you very much for the rating.


BR,

Mohammed Mahmoud.

Actions

This Discussion