I have a 6509 with a Sup2/MSFC2 running in hybrid mode and I'm trying to use TACACS for authentication/accounting on both the SP and MSFC. For some reason, the MSFC and the ACS don't talk, but the SP works just fine.
The MSFC config is as follows:
aaa authen login infrastructure group tacacs+ line enable
aaa authen enable infrastructure group tacacs+ enable
I would suggest checking first in the TACACS server and looking in the failed attempts report. If the request got to the server (and I would assume that it is not an IP connectivity issue if the sup works fine) and was not authenticated there should be an entry in the failed attempts report. This would identify what the problem is.
I am going to take a guess at the problem without benefit of knowing what is in the failed attempts report. My guess is that the MSFC is not sourcing its requests from the IP address that is configured in the TACACS server. This might be a configuration error, but is also possibly that the MSFC has more than one interface that can get to the server and it is choosing to use an interface other than the one that was configured on the server. The solution to this issue is to use the ip tacacs source-address command in the MSFC config and specify which address the MSFC should use as the source address.
If that is not the issue then please tell us what is in the failed attempts report.
I am glad that my suggestion was able to solve your problem.
Thanks for posting back to the forum and indicating that your problem was solved. It helps make the forum more useful when people can read about a problem and can see what the solution to the problem turned out to be.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :