11-13-2008 06:29 AM - edited 03-06-2019 02:28 AM
i have 3 switches where the tacacs is not working on them 1 is a 3750, 2 4506.
local loging will not work either.
the same tacacs configs are on every switch over 100 and only 3 are unable to authenticate.
Any ideas would be nice.
11-13-2008 06:32 AM
For logging it should be as simple "logging buffered informational
incorrect password etc...
11-13-2008 06:58 AM
i meant to say local login would not work but i will run the debug to see what happens.
thx
11-13-2008 10:31 AM
Jeremy
A good thing to do to investigate this kind of problem is to look in the logs of the TACACS server. Did the server see the authentication request? Did the server have a problem about the request? In the ACS server you would look in the failed attempts report for this information.
In my experience a very common cause of this problem is that the switch is not using the address as source for the authentication request that matches the address configured on the server. Typically the server is configured to use the management address of the switch but the switch is using the address of one of the data vlans as the source. The solution is to use the ip tacacs source-address command on the switch to specify which address to use.
HTH
Rick
11-13-2008 06:39 PM
are your switch configured for AAA? can you post your aaa and logging config? also try to do a debug as what glen have mentioned.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: