Let me start off by saying I'm a novice, and my ACS was installed by someone else and the drive shipped to me.
The basic problem is that I can't get my Catalyst 3560 to authenticate through the Tacacs.
The ACS had the local loopback (127.0.0.1) set as the aaa server. I changed it to the IP (10.1.5.50) of my Win Server 2008 box that it's installed on. My 3560 is 10.1.5.1, which I configured in the TACACS as a aaa client.
When I log on to the 3560, it just logs on local. The Tacacs log shows failed attempts from 10.20.30.6 (the local loopback of the 3560). The error message is “unknown NAS”. I get no successful logon attempts. I added 10.20.30.6 as a aaa client on the Tacacs, and the 3560 still logs on local, but I no longer get the failed attempt from 10.20.30.6.
I have the same shared secret for aaa server and client on the Tacacs, as well as aaa host on the 3560.
I set my 3560 as follows:
tacacs-server host 10.1.5.50
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
Can anyone shed some light on this?
Another question - Can I have the user account only on the Tacacs, or do I need a matching account on the 3560?