11-17-2011 11:51 AM - edited 03-10-2019 06:33 PM
I just upgraded my IOS to the latest but now the way i was inputing my Tacacs+ info is not working.
conf t
!
enable secret*****
username admin privilege 15 password 0 *******
!
aaa new-model
!
aaa authentication login default group tacacs+ enable local
!
aaa authentication enable default group tacacs+ enable
!
!
tacacs-server host*.*.*.* key *******
!
line con 0
login authentication default
!
line vty 0 4
login authentication default
!
line vty 5 15
login authentication default
!
!
end
But now it looks as if I need to set this up a bit diffrently, has anyone setup the new way? any pointers?
11-18-2011 02:23 AM
I know that you need to define the tacacs server a different way.
Tacacs server host
Then you define the server ipv4/ipv6 address and credentials.
Nico
11-18-2011 06:52 AM
Hello,
I do have the same problem with the TACACS+ authentication after upgrading the IOS on my Catalyst C2960G.
It says that the command "tacacs-server host" is deprecated soon. I tried to reconfigure my startup-config according to this link: http://slaptijack.com/networking/new-style-tacacs-configuration/
Although my Switch is accepting the new command a warning message occurs after rebooting it:
%AAAA-4-NOSERVER: Warning: Server acs1.teas.bessy.de is not defined.
Here is an excerpt of my config:
---------------------------------------------------------------------------------
aaa new-model
!
!
aaa group server tacacs+ tac_admin
server name acs1
!
aaa authentication login default group tac_admin local
aaa authorization exec default group tac_admin local
!
tacacs server acs1
address ipv4 192.168.246.69
key 7 #############
---------------------------------------------------------------------------------
I don't know how to solve the problem.
Can anybody help?
André
11-18-2011 02:32 PM
Usualy I update once i've found the fix. or in other words I got it to work running this.
CONF T
aaa new model
tacacs server tacacs
address ipv4 *.*.*.*
key
exit
aaa authentication login default group tacacs+ enable local
aaa authentication login console group tacacs+ enable local
aaa authentication enable default group tacacs+ enable
But this didn't work right away, I acutally had to NO out the previous
tacacs-server IP ADDRESS PORT KEY
that was left from the old IOS. Once I NO'd out that, it worked like a charm
11-21-2011 12:21 AM
@Bobby Roberts,
thank you for your reply.
I'd already exchanged the old "tacacs-server IP ADDRESS PORT KEY" command with the new one like on the example given on this page: http://slaptijack.com/networking/new-style-tacacs-configuration/
So there isn't an old command left. Maybe there is something wrong in my config but I couldn't find any configuration example from Cisco.
Can't anybody help?
11-24-2011 08:06 AM
Although the warning message:
%AAAA-4-NOSERVER: Warning: Server acs1.teas.bessy.de is not defined.
still appears while rebooting the tacacs+ authentication works.
11-25-2011 06:21 AM
Andre - Can you e-mail me your whole config, Ill paste it on a switch here and see where the problem is. Bobby@Bobby4Hire.com
11-28-2011 01:05 AM
Hello Bobby,
I am sorry but I can't send you the whole config because it is a configuration of my company and the necessary part is this one:
aaa new-model
!
!
aaa group server tacacs+ tac_admin
server name acs1
!
aaa authentication login default group tac_admin local
aaa authorization exec default group tac_admin local
!
tacacs server acs1
address ipv4 192.168.246.69
key 7 #############
Despite this thanks for your help .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide