tacacs not working on a few switches

tpacjer · ‎11-13-2008

i have 3 switches where the tacacs is not working on them 1 is a 3750, 2 4506.

local loging will not work either.

the same tacacs configs are on every switch over 100 and only 3 are unable to authenticate.

Any ideas would be nice.

glen.grant · ‎11-13-2008

For logging it should be as simple "logging buffered informational . Run a tacacs debug and see why its not replying etc..

incorrect password etc...

tpacjer · ‎11-13-2008

i meant to say local login would not work but i will run the debug to see what happens.

thx

Richard Burts · ‎11-13-2008

Jeremy

A good thing to do to investigate this kind of problem is to look in the logs of the TACACS server. Did the server see the authentication request? Did the server have a problem about the request? In the ACS server you would look in the failed attempts report for this information.

In my experience a very common cause of this problem is that the switch is not using the address as source for the authentication request that matches the address configured on the server. Typically the server is configured to use the management address of the switch but the switch is using the address of one of the data vlans as the source. The solution is to use the ip tacacs source-address command on the switch to specify which address to use.

HTH

Rick

HTH

Rick

johnlloyd_13 · ‎11-13-2008

are your switch configured for AAA? can you post your aaa and logging config? also try to do a debug as what glen have mentioned.