02-22-2008 04:49 AM - edited 03-05-2019 09:18 PM
Hi,
Whenever I use the command "aaa authentication enable default group tacacs+ enable" on my switch & I try to put the enable password I get the error "% Error in authentication.".
Any clue..?
Rgds.,
Sack
02-22-2008 05:04 AM
Yes. Your device is using the aaa authentication mechanism that you just configured on the device, as it's supposed to do.
You probably logged in with the local username and/or password log-on credentials that have always existed prior to aaa deployment, and then you proceeded to configure TACACS authentication. Now, the device is rightly using the directives for verifying identity (authentication) that are set out in the aaa configuration -- and your log-on credentials don't match, of course.
Typically, you should first configure your ACS server and then configure each node. When configuring each node, enter all the aaa commands and enable passwords, etc., but WAIT to enter the tacacs key for last. This way you will not lock yourself out of the device.
HTH
Victor
02-22-2008 07:50 AM
The suggestions made by Victor are certainly valid and might address the issue described by Sack. But I wonder if it is not really a different issue. I am thinking about this statement in the original post:
"I try to put the enable password"
I have the impression that Sack is attempting to get into enable mode by entering the enable password. But he has now configured so that AAA will authenticate enable by TACACS. In that case he needs to enter his own TACACS password rather than the enable password. (And this presumes that the userID has been defined in TACACS to have enable privileges.) Perhaps Sack can clarify which issue he is facing?
HTH
Rick
02-22-2008 09:26 AM
Hey Rick:
You said exactly what I was suggesting...lol..
You said: "But he has now configured so that AAA will authenticate enable by TACACS. In that case he needs to enter his own TACACS password rather than the enable password."
I said: "Yes. Your device is using the aaa authentication mechanism that you just configured on the device, as it's supposed to do...Now, the device is rightly using the directives for verifying identity (authentication) that are set out in the aaa configuration -- and your log-on credentials don't match, of course."
:-)
Victor
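The ordering and the enable behaviour discussed in this thread, as an added configuration sketch that is not part of any post above. The server address 192.0.2.10, the username admin and the bracketed secrets are placeholders, and the legacy `tacacs-server` syntax is assumed.

```cisco
! Constructed example. Keep the current privileged session open and
! verify from a second session before logging out.
!
! 1. Local fallback credentials, defined before AAA is switched on
enable secret <local-enable-secret>
username admin privilege 15 secret <local-password>
!
! 2. AAA method lists
aaa new-model
! Login: ask TACACS+ first; use the local user database only if the
! server returns an error or does not answer
aaa authentication login default group tacacs+ local
! Enable: ask TACACS+ first; the trailing "enable" keyword is the
! fallback to the local enable secret, again only on error/timeout.
! While the server answers, the password expected at the enable
! prompt is the one held on the TACACS+ server for the logged-in
! user, not the local enable secret, and that user must be allowed
! enable on the server.
aaa authentication enable default group tacacs+ enable
!
! 3. Server and shared key last, as suggested in the first reply
tacacs-server host 192.0.2.10
tacacs-server key <shared-key>
!
! 4. Verification from exec mode (second session)
! show tacacs
! debug aaa authentication
! debug tacacs
```

A rejected password from a reachable server does not trigger the fallback method, which matches the "% Error in authentication." symptom when the local enable password is typed at the prompt.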