Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

3550 Not Authenticating TACACS+

Hi,

i have a 3550 with ipservices 12.2(44) upgraded from c3550-i5q3l2-mz.121-22.EA4.bin when the reload is completed, the switch is no longer authenticating to tacacs and failing back to the local user and password

1 ACCEPTED SOLUTION

Accepted Solutions

Re: 3550 Not Authenticating TACACS+

Mini,

Did you define source interface for tacacs authentication.

On router issue command,

ip tacacs source-interface fastethernet x/y , where interface would be the one mentioned in tacacs server.

That should fix it.

Regards,

~JG

Do rate helpful posts

4 REPLIES
Hall of Fame Super Silver

Re: 3550 Not Authenticating TACACS+

Matthew

A logical starting place is to check to see if something in the config changed during the upgrade process. Can you tell us whether anything is different in the config after the upgrade?

Another thing to check is whether the authentication requests are getting to the server. Can you check on the server and see if the server has recognized the authentication attempt (might be in successful log or in failed log).

If those do not provide insight I would suggest running debug tacacs authentication, try to authenticate, and post the debug output.

HTH

Rick

Re: 3550 Not Authenticating TACACS+

Mini,

Did you define source interface for tacacs authentication.

On router issue command,

ip tacacs source-interface fastethernet x/y , where interface would be the one mentioned in tacacs server.

That should fix it.

Regards,

~JG

Do rate helpful posts

New Member

Re: 3550 Not Authenticating TACACS+

If you are using aaa group command, you might find its missing from the running config, see CSCsl42964.

New Member

Re: 3550 Not Authenticating TACACS+

issue has been fixed,

issue was that post upgrade the device was sending the tacacs+ request out a different interface, so that it was "seeing" the server, but unable to authenticate to it, due to the tacacs+ server having a different IP Address in its database

Thanks to all for the input

297
Views
0
Helpful
4
Replies
CreatePlease to create content