04-08-2008 12:45 PM - edited 03-10-2019 03:46 PM
Are the commands different from router to router?
This is what I currently have:
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
tacacs-server host 172.16.6.3
tacacs-server host 172.16.16.3
tacacs-server timeout 60
tacacs-server directed-request
tacacs-server key xxxxxxxxxx
It works on my 2621s like a charm, but on my 2811s it won't allow me to log in as my domain account, just the backup local account I have.
I am a rookie to this so please be gentle. Thanks in advance for any help you can give me...
04-08-2008 11:19 PM
Hi,
Yes, they are different.
Example:
tacacs-server host 1.5.3.2 key cisco_key
tacacs-server directed-request
radius-server source-ports 1645-1646
Regards, Jan
04-09-2008 12:34 PM
Just a clarification...
We are using 2811 and 2801 at remote locations and have been trying to use the tacacs-server options as well. Are you saying that we need to configure it as a radius-server even if we are only using the tacacs options?
I just want to make sure prior to delving into radius as we have not used that at all since we are only communicating between routers for multi user authentication.
Thanks,
Jon Gauntt
04-09-2008 01:09 PM
In layer 3 devices we also need to define the TACACS source interface so that it uses only that interface for sending TACACS requests to ACS.
AAA-Switch(config)#ip tacacs source-interface (vlan or loopback or gigabit interface)
In the above command we need to define the interface that is listed in acs--->network configuration--->Router.
Let me know if you have any question.
Regards,
~JG
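The check described in the last reply, as an added example that is not part of the original thread: a small Python audit that reads a saved running-config and reports whether the TACACS+ source interface is pinned and whether its address is among the AAA clients registered on the server. The sample config, its addresses and interface names, and the function names are constructed for illustration; the `registered_clients` set stands in for the client list kept in the ACS network configuration.

```python
import re

# Constructed sample running-config (addresses and interface names are made up).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login default group tacacs+ local
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
interface FastEthernet0/0
 ip address 192.168.10.1 255.255.255.0
tacacs-server host 172.16.6.3
ip tacacs source-interface Loopback0
"""

def interface_addresses(config):
    """Map each interface name to its primary IPv4 address."""
    addrs, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        if not line.startswith(" "):
            current = None  # left the interface block
        # Trailing "$" after the mask skips "secondary" addresses.
        m = re.match(r"\s+ip address (\d+\.\d+\.\d+\.\d+) \S+$", line)
        if m and current:
            addrs[current] = m.group(1)
    return addrs

def audit_tacacs_source(config, registered_clients):
    """Return findings; an empty list means the source address is pinned and registered."""
    if not re.search(r"^aaa .*group tacacs\+", config, re.M):
        return []  # TACACS+ is not referenced by any AAA method list
    m = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    if not m:
        return ["no 'ip tacacs source-interface': source IP follows the egress interface"]
    iface = m.group(1)
    addr = interface_addresses(config).get(iface)
    if addr is None:
        return [f"source interface {iface} has no IP address configured"]
    if addr not in registered_clients:
        return [f"{iface} address {addr} is not a registered AAA client"]
    return []
```
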