Cannot login to 6509 with TACACS any longer

I have two 6509 switches that were in TACACS as router and switches (duplicate entries).

I removed all entries and re-entered to change the naming convention.

I used the same parameters, but just used a different name for the switches.

Now I get failed attempts using different TACACS accounts. The accounts are good, because I can get into everything else.

I did the same thing with a couple of other switches with no problem.

Where should I start looking?

Are there any logs that show the reason for the failed attempts?

2 REPLIES

Re: Cannot login to 6509 with TACACS any longer

Can you run a debug aaa authentication and see what it shows?

Narayan

Re: Cannot login to 6509 with TACACS any longer

Do you get any hits in ACS failed attempts? Along with "debug aaa authentication", also get "debug tacacs".

Most of the time the issue is with ip tacacs source interface.

The switch should use, as the source address for TACACS, the IP address which is defined in ACS ---> AAA clients.

Regards,
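
The checks suggested in the replies, written out as an added example that is not part of the original posts. It assumes the 6509 runs Cisco IOS; the interface name Loopback0 and the address 192.0.2.10 are constructed placeholders, not values from the thread.

```cisco
! Added example. Loopback0 and 192.0.2.10 are placeholders.
!
! 1. From a session that is already logged in, watch a failing login attempt.
terminal monitor
debug aaa authentication
debug tacacs
! ... attempt the TACACS+ login from a second session, then stop debugging:
undebug all
!
! 2. Check which TACACS+ settings are configured and whether a source
!    interface is pinned. Without one, the switch sources TACACS+ packets
!    from the outgoing interface, which may not be the address entered in ACS.
show running-config | include tacacs
show tacacs
!
! 3. Pin the source to the interface whose address matches the re-created
!    AAA client entry in ACS (192.0.2.10 on Loopback0 in this sketch).
configure terminal
 ip tacacs source-interface Loopback0
end
```

If the ACS Failed Attempts report shows no entry at all for the switch, or shows the request arriving from an address other than the one in the AAA client entry, the source address is the likely mismatch.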
