Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 and 3750x switches

Hi

We're still using ACS 4.2 for authenticating to switches.

Since we've been rolling out the 3750x we seem to be coming across speed issues.

It take 2-3 times as long to run a command on a 3705x using universalk9 15.0(1)

Once we remove the TACACS the speed of the switch is fine.

Have no issues using this script on the 3750's

aaa new-model
aaa authentication fail-message ^CFailed login. Try again.^C
aaa authentication login default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa authorization commands 0 default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
!
aaa session-id common

!
tacacs-server host
tacacs-server key

We've checked line by line with a working switch on the same IOS.

We seem to get this accross 3 different sites, some work some don't

The management is in it's own  vlan 4000 which is routed around the network, but it we put a management address for the switch in out of vlan 1, there is now speed issues.  We just can't find the issue, any help would be much appreciated.

Everyone's tags (2)
1 REPLY
Hall of Fame Super Silver

ACS 4.2 and 3750x switches

Hmm. Are you set on 15.0(1)? It was a bit buggy release and there is at least one TACACS-specific bug that is resolved in a later release.

15.0(2)SE4 woud be a good target image.

If you don't have the option of that, I would turn on tacacs debug while the problem occurs on a switch and examine the output for clues.

Also, you didn't mention are you using the Ethernet management (physical port) on your 3750X's?

144
Views
0
Helpful
1
Replies
CreatePlease to create content