I am trying to do a simple switch TACACS+ authentication via the ACS Express.
ACS Express - 5.0
IP address (172.16.4.10)
Core Switch - Catalyst 4948
vlan 1 (188.8.131.52)
vlan 10 (172.16.4.1)
Access Switch - Catalyst 3560
vlan 1 (184.108.40.206)
On ACS Express:
- core switch device is being created using the IP 220.127.116.11
- access switch device is being created using IP 18.104.22.168
Unfortunately, I am unable to authenticate. It shows authentication failed when I tried to log in to both core & access switches.
- Tried changing the core switch device IP to 172.16.4.1; it seems to work when I telnet to both 172.16.4.1 & 22.214.171.124
- ACS Express seems to ONLY understand devices that belong to its own subnet, i.e. the 172.16.4.0/24 network.
- IP routing has been enabled on the core switch and both 192 & 172 networks are pingable
Below is the TACACS config on both core & access switches:
aaa authentication login default group tacacs+ local
aaa authentication enable default group tacacs+ none
aaa accounting exec default stop-only group tacacs+
aaa accounting commands 15 default stop-only group tacacs+
aaa accounting system default start-stop group tacacs+
tacacs-server host 172.16.4.10
tacacs-server key 1234567
Did I miss out any major config?
It seems failproof to me, but I can't understand why it is not accessible via the different subnet 192.100.100.x IP.