Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

the new Tacacs+ for Switches

I just upgraded my IOS to the latest but now the way i was inputing my Tacacs+ info is not working.

conf t

!

enable secret*****

username admin privilege 15 password 0 *******

!

aaa new-model

!

aaa authentication login default group tacacs+ enable local

!

aaa authentication enable default group tacacs+ enable

!

!

tacacs-server host*.*.*.* key *******

!

line con 0

login authentication default

!

line vty 0 4

login authentication default

!

line vty 5 15

login authentication default

!

!

end

But now it looks as if I need to set this up a bit diffrently, has anyone setup the new way?  any pointers?

7 REPLIES

the new Tacacs+ for Switches

I know that you need to define the tacacs server a different way.

Tacacs server host (hit enter here)

Then you define the server ipv4/ipv6 address and credentials.

Nico

New Member

Re: the new Tacacs+ for Switches

Hello,

I do have the same problem with the TACACS+ authentication after upgrading the IOS on my Catalyst C2960G.

It says that the command "tacacs-server host" is deprecated soon. I tried to reconfigure my startup-config according to this link: http://slaptijack.com/networking/new-style-tacacs-configuration/

Although my Switch is accepting the new command a warning message occurs after rebooting it:

%AAAA-4-NOSERVER: Warning: Server acs1.teas.bessy.de is not defined.

Here is an excerpt of my config:

---------------------------------------------------------------------------------

aaa new-model

!

!

aaa group server tacacs+ tac_admin

server name acs1

!

aaa authentication login default group tac_admin local

aaa authorization exec default group tac_admin local

!

tacacs server acs1

address ipv4 192.168.246.69

  key 7 #############

---------------------------------------------------------------------------------

I don't know how to solve the problem.

Can anybody help?

André

New Member

Re: the new Tacacs+ for Switches

Usualy I update once i've found the fix.   or in other words I got it to work running this.

CONF T

aaa new model

tacacs server tacacs

address ipv4 *.*.*.*

key

exit

aaa authentication login default group tacacs+ enable local

aaa authentication login console group tacacs+ enable local

aaa authentication enable default group tacacs+ enable

But this didn't work right away, I acutally had to NO out the previous

tacacs-server IP ADDRESS PORT KEY

that was left from the old IOS.  Once I NO'd out that, it worked like a charm

New Member

Re: the new Tacacs+ for Switches

@Bobby Roberts,

thank you for your reply.

I'd already exchanged the old  "tacacs-server IP ADDRESS PORT KEY" command with the new one like on the example given on this page: http://slaptijack.com/networking/new-style-tacacs-configuration/

So there isn't an old command left. Maybe there is something wrong in my config but I couldn't find any configuration example from Cisco.

Can't anybody help?

New Member

Re: the new Tacacs+ for Switches

Although the warning message:

%AAAA-4-NOSERVER: Warning: Server acs1.teas.bessy.de is not defined.

still appears while rebooting the tacacs+ authentication works.

New Member

Re: the new Tacacs+ for Switches

Andre - Can you e-mail me your whole config, Ill paste it on a switch here and see where the problem is.  Bobby@Bobby4Hire.com

New Member

Re: the new Tacacs+ for Switches

Hello Bobby,

I am sorry but I can't send you the whole config because it is a configuration of my company and the necessary part is this one:

aaa new-model

!

!

aaa group server tacacs+ tac_admin

server name acs1

!

aaa authentication login default group tac_admin local

aaa authorization exec default group tac_admin local

!

tacacs server acs1

address ipv4 192.168.246.69

  key 7 #############

Despite this thanks for your help .

9102
Views
0
Helpful
7
Replies