
tacacs+ authentication problem

I have an ASA services module running in a 6500.

I have configured a firewalled VLAN for management (172.25.50.x) and applied a permissive access list inbound and outbound to it.

I added the ASA as a client on the Cisco ACS (TACACS+) server and double-checked the key.

The ACS server can ping the firewall, and the firewall can ping the ACS server.

I've issued the following commands on the ASA:

aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (mgmt) host 172.25.32.80 <key> timeout 5
aaa authentication ssh console TACACS+
username <user> password <password> priv 15

When I SSH to the ASA, the firewall is not using TACACS+. It is using the local database instead.

There is no activity in the ACS logs.

So the firewall isn't even attempting to use TACACS+.

Is there something I am missing here?

1 ACCEPTED SOLUTION

Accepted Solutions

tacacs+ authentication problem

Hello Colin,

Can you share

show run ssh
show run aaa
show run aaa-server
test aaa-server authentication TACACS+ host 172.25.32.80 username whatever password whatever

And provide the outputs

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.com

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

3 REPLIES


tacacs+ authentication problem

When I did the test aaa-server it worked, and I realized I forgot to add

aaa authentication enable console TACACS+

to the ASA.

This made everything work correctly. Thanks for your help!
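
An offline check for the gap found in this thread, added here as an example and not posted by anyone in the thread: it parses ASA configuration text and reports console services that have no "aaa authentication ... console" line, or that name a server group with no definition or host. The function name audit_aaa and the list of services are assumptions of the example; the sample text is constructed from the commands in the original post.

```python
import re

# Constructed sample: the commands from the original post (key and credentials elided).
SAMPLE_CONFIG = """\
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server TACACS+ (mgmt) host 172.25.32.80 <key> timeout 5
aaa authentication ssh console TACACS+
username <user> password <password> priv 15
"""

# Services to audit; this list is an assumption of the example.
CONSOLE_SERVICES = ("ssh", "enable")

GROUP_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)$")
HOST_RE = re.compile(r"^aaa-server (\S+) \((\S+)\) host (\S+)")
AUTH_RE = re.compile(r"^aaa authentication (\S+) console (.+)$")

def audit_aaa(config, services=CONSOLE_SERVICES):
    """Return one finding per service whose AAA method list is missing or broken."""
    groups, hosts, methods = {}, {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := GROUP_RE.match(line):
            groups[m.group(1)] = m.group(2)          # group name -> protocol
        elif m := HOST_RE.match(line):
            hosts.setdefault(m.group(1), []).append(m.group(3))
        elif m := AUTH_RE.match(line):
            methods[m.group(1)] = m.group(2).split()  # service -> method list
    findings = []
    for svc in services:
        if svc not in methods:
            findings.append(f"{svc}: no 'aaa authentication {svc} console' line; "
                            "the server group is not consulted for this service")
            continue
        for name in methods[svc]:
            if name == "LOCAL":                       # local database, nothing to resolve
                continue
            if name not in groups:
                findings.append(f"{svc}: server group {name} is not defined")
            elif not hosts.get(name):
                findings.append(f"{svc}: server group {name} has no host")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```
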

tacacs+ authentication problem

Hello Colin,

So it was a problem with the enable password and not with the SSH authentication.

Glad to know it's up and running now.


Cheers,

Julio Carvajal Segura
