Weird TACACS+ Issue on Sup32

Unanswered Question
Dec 15th, 2008


We are having issues with our newly installed 6506 switch with a Supervisor 32 engine. Whenever we try to telnet to the switch using our TACACS database username and password, we receive an authorization failure. We discovered the resolution: we need to create the same username locally on the switch. So if, for example, my TACACS username is jlopez, I need to create a local username of jlopez too. The password that the switch will accept is the TACACS password.

We are wondering why this is happening, as we configured the switch with the same configuration as the other switch. The funny part is, whenever the switch asks for the user and pass and you are authenticated, the switch prompt goes directly to privilege mode.

I tried several workarounds, though. I created a test account, johnlopez, that is a member of the full-control group but has no local username. The switch gives me an authorization failure after I enter the initial username and password. I created the same username, johnlopez, with privilege level 7. I was able to enter my credentials without going directly to privilege mode, landing instead in user exec mode. Whenever I type enable to enter privilege mode, it asks for the TACACS username and password instead of a password only.

I changed my local username to privilege 15. After I enter my TACACS username and password at the initial login, it goes directly to privilege mode.

After reading some of the threads here, I found that someone experienced an authorization failure after upgrading the switch's IOS. The resolution was that he removed the single-connection keyword from his tacacs-server host command.

After I removed the single-connection keyword on my switch, it no longer needs to match any local username. I removed the local account johnlopez and tried to telnet again. Now, even without the local username johnlopez, the username is authenticated, and it stays in user mode only after the initial login. Whenever I enter privilege mode, it asks for my username and password, and I would like to correct this.

Please note that all the credentials entered when asked for the username and password are those of my TACACS account. Also, the aaa configuration and tacacs-server host command were all copied from another switch.

Any thoughts?

Thanks in advance,


Richard Burts Mon, 12/15/2008 - 14:54


Would you post the configuration of the switch? This might help us to identify the cause of the issue.



