Cisco Support Community

New Member

ASA 5550 Console (Serial) TACACS

I have an ASA 5550 running multiple contexts, but having the AAA authentication serial console (TACACS Server Name) LOCAL allows a TACACS challenge on connecting to the console, but I am then unable to issue any commands, i.e. enable or show run - message: command authorization failed

Has anyone set up console (serial) TACACS and got it working?

Thanks

3 REPLIES

ASA 5550 Console (Serial) TACACS

Hi Simon,

Below are the commands which are required with respect to console access.

aaa-server TACACS+ protocol tacacs+

aaa authentication serial console TACACS+ LOCAL

aaa authentication telnet console TACACS+ LOCAL

aaa authentication enable console TACACS+ LOCAL

aaa authentication ssh console TACACS+ LOCAL

aaa authentication http console TACACS+ LOCAL

So you should have both serial console and enable console in your settings. If you have these settings in your firewall, also please check at the TACACS server end whether the privilege level is set properly for the same.

Please do rate if the given information helps.

By

Karthik

New Member

ASA 5550 Console (Serial) TACACS

I have those settings applied, along with:

aaa authorization command TACACS_Server LOCAL

aaa authorization exec authentication-server

My TACACS account is OK, not locked.

On SSH connections it works perfectly, but on console (serial) login it does not: TACACS login is OK, then you need to use the local enable password (my TACACS password fails). This leaves you in the system area on a multiple-context ASA; you can switch to admin, context1 etc., but then any commands fail.

All AAA commands are entered on the admin context.

Cisco Employee

ASA 5550 Console (Serial) TACACS

I guess that you should check this post:

https://supportforums.cisco.com/thread/2125588

That seems to be a documented bug.
