tacacs not working on a few switches

Unanswered Question
Nov 13th, 2008

i have 3 switches where the tacacs is not working on them 1 is a 3750, 2 4506.

local loging will not work either.

the same tacacs configs are on every switch over 100 and only 3 are unable to authenticate.

Any ideas would be nice.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
glen.grant Thu, 11/13/2008 - 06:32

For logging it should be as simple "logging buffered informational . Run a tacacs debug and see why its not replying etc..

incorrect password etc...

tpacjer Thu, 11/13/2008 - 06:58

i meant to say local login would not work but i will run the debug to see what happens.


Richard Burts Thu, 11/13/2008 - 10:31


A good thing to do to investigate this kind of problem is to look in the logs of the TACACS server. Did the server see the authentication request? Did the server have a problem about the request? In the ACS server you would look in the failed attempts report for this information.

In my experience a very common cause of this problem is that the switch is not using the address as source for the authentication request that matches the address configured on the server. Typically the server is configured to use the management address of the switch but the switch is using the address of one of the data vlans as the source. The solution is to use the ip tacacs source-address command on the switch to specify which address to use.



johnlloyd_13 Thu, 11/13/2008 - 18:39

are your switch configured for AAA? can you post your aaa and logging config? also try to do a debug as what glen have mentioned.


This Discussion