Need urgent help

Unanswered Question
Mar 1st, 2010

Hi,


I have a remote office with a router and a VPN to my main office.

The TACACS server is sitting at the main office.

When I try integrating my remote office router with TACACS (sitting at the main office), it's not working.

My question is: can I integrate the remote office router (having a tunnel to the main office) with TACACS?

Will TACACS encrypted traffic pass through the tunnel? Here is the config for the same. Do I need to add any additional line for passing TACACS traffic through the tunnel? (Of course, the TACACS server IP is added in the config.)


aaa authentication login default group tacacs+ local
aaa authentication enable default none
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+





Regards

Sateesh kumar.k

georgedipu Mon, 03/01/2010 - 21:16

Hi Sateesh,

Please check the below once:

1) The TACACS key configured on the router and the ACS server should be the same

2) Are you able to reach the ACS from the router?

3) Since you are not able to log in via ACS, are you able to connect to the router through the line mode?

4) Run the debug commands like debug tacacs events or debug aaa ?

If possible, please paste your entire router's AAA config.
Regards

Dipu

Vijayalakshmi.p... Mon, 03/01/2010 - 21:32

Yes. The TACACS configuration will vary.


Check the below link.


http://www.cisco.com/en/US/docs/ios/sec_user_services/configuration/guide/sec_per_vrf_aaa.html


aaa group server tacacs+ tacacs_vrf_name
 server-private IP key KeyID
 ip vrf forwarding VRFNAME
 ip tacacs source-interface Intname

aaa authentication login default group tacacs_vrf_name group tacacs+ line enable
aaa authentication login no_tacacs none
aaa authentication enable default group tacacs_vrf_name group tacacs+ enable none
aaa authentication ppp default local
aaa authorization commands 15 default group tacacs_vrf_name group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs_vrf_name group tacacs+
aaa accounting commands 15 default start-stop group tacacs_vrf_name group tacacs+
aaa accounting network default start-stop group tacacs_vrf_name group tacacs+
aaa accounting connection default start-stop group tacacs_vrf_name group tacacs+
aaa accounting system default start-stop group tacacs_vrf_name group tacacs+

Ganesh Hariharan Tue, 03/02/2010 - 03:13
Hi Sateesh,


Yes, you can integrate the remote office router with your TACACS server; for that you should have proper connectivity and reachability on TCP port 49 between the TACACS server and clients.


Also mention the source interface through which the packets will be going to the TACACS server, with the following command: ip tacacs source-interface


Hope that helps


Remember to rate the useful post


Ganesh.H
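
The source-interface advice in this thread, as an added example (not code from any poster or from Cisco): assuming the tunnel is a crypto-map IPsec VPN, this check tests whether router-originated TACACS+ traffic matches the crypto ACL with and without `ip tacacs source-interface`. The sample config, its addresses, interface names and ACL 101 are constructed, and only `permit|deny ip <net> <wildcard> <net> <wildcard>` entries are parsed.

```python
import ipaddress
import re

# Constructed remote-office config: addresses, interface names and ACL 101 are made up.
SAMPLE = """\
interface FastEthernet0/0
 ip address 203.0.113.2 255.255.255.252
 crypto map VPN
interface FastEthernet0/1
 ip address 192.168.10.1 255.255.255.0
tacacs-server host 10.1.1.10
access-list 101 permit ip 192.168.10.0 0.0.0.255 10.1.1.0 0.0.0.255
"""

def interface_ips(config):
    """Map interface name -> first IPv4 address; also return the crypto-map interface."""
    ips, crypto_if, current = {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif m := re.match(r" ip address (\S+) \S+", line):
            ips.setdefault(current, ipaddress.ip_address(m.group(1)))
        elif re.match(r" crypto map ", line):
            crypto_if = current
    return ips, crypto_if

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard match: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return ((int(addr) ^ int(ipaddress.ip_address(base))) & care) == 0

def acl_permits(config, acl, src, dst):
    """The first matching entry decides; no match means implicit deny."""
    pat = rf"access-list {acl} (permit|deny) ip (\S+) (\S+) (\S+) (\S+)"
    for action, s, sw, d, dw in re.findall(pat, config):
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False

def tacacs_uses_tunnel(config, acl="101"):
    """Return (source IP, True if router-originated TACACS+ matches the crypto ACL)."""
    ips, crypto_if = interface_ips(config)
    m = re.search(r"^ip tacacs source-interface (\S+)", config, re.M)
    src = ips[m.group(1) if m else crypto_if]  # default: egress interface address
    server = re.search(r"^tacacs-server host (\S+)", config, re.M).group(1)
    return str(src), acl_permits(config, acl, src, ipaddress.ip_address(server))

# Same config with the TACACS+ source pinned to the LAN interface inside the protected subnet.
FIXED = SAMPLE + "ip tacacs source-interface FastEthernet0/1\n"
```

With the constructed sample, the unpinned router sources TACACS+ from its WAN address, which the crypto ACL does not cover, so the packets never enter the tunnel; pinning the source to the LAN interface makes them match.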
