I am configuring Cisco CSS as a TACACS client. The state is Alive, but i still can't login CSS through TACACS+ authorization.
The TACACS side should be OK, because several cisco switches were added successfully.
My config:
virtual authentication primary tacacs
virtual authentication secondary local
tacacs-server 10.0.100.198 49 5 "key" primary
CSS11503# sh tacacs-server
Per-Server Status:
IP/Port State Primary Authen. Author. Account
------- ----- ------- ------- ------- ------
10.0.100.198:49 Alive Yes 14 0 0
Totals: 14 0 0
Per-Server Configuration:
IP/Port Key Server Timeout Server Frequency
------- --- -------------- ----------------
10.0.100.198:49 Configured 5 None
Global Configuration Parameters:
Global Timeout: 5
Global KAL Frequency: 5
Global Key: Not Configured
Authorize Config Commands: No
Authorize Non-Config Commands: No
Account Config Commands: No
Account Non-Config Commands: No
Send Full Command: Yes
Any advice would much appreciate !