Cisco Support Community

Per VRF Tacacs+ - not working

I'm trying to configure per VRF tacacs+ on a 2901 running IOS 15.2(4)M2.

 

I have the following configured:

 

aaa new-model
!
!
aaa group server tacacs+ MYGROUP
 server-private 1.2.3.4 key cisco
 ip vrf forwarding vpn_nms
 ip tacacs source-interface Loopback100
!
aaa authentication login default local
aaa authentication login MYGROUP group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group MYGROUP if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip vrf forwarding
!
!
ip vrf vpn_nms
 rd 65XXX:3
!

interface Loopback100
 description NMS LOOPBACK
 ip vrf forwarding vpn_nms
 ip address 10.10.10.10 255.255.255.255

!

tacacs-server host 1.2.3.4
tacacs-server directed-request
tacacs-server key cisco

!

line con 0
 privilege level 15
 logging synchronous
 login authentication MYGROUP
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 login authentication MYGROUP
 length 0
 transport input all

 

I know some of this config is redundant but I have been trying different things and getting nowhere.
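
An added example (not part of the original post): a small Python check over the AAA lines posted above that reports which method lists reference only `group tacacs+` rather than a server group bound to a VRF. It relies on the IOS behaviour that `group tacacs+` selects the globally defined `tacacs-server host` entries, while `server-private` entries are used only by lists that name their group; the function names are illustrative.

```python
import re

# Constructed sample: the AAA lines copied from the post above.
CONFIG = """\
aaa group server tacacs+ MYGROUP
 server-private 1.2.3.4 key cisco
 ip vrf forwarding vpn_nms
 ip tacacs source-interface Loopback100
!
aaa authentication login default local
aaa authentication login MYGROUP group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group MYGROUP if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
"""

def vrf_groups(config):
    """Map each 'aaa group server tacacs+ NAME' block to its VRF (or None)."""
    groups, current = {}, None
    for line in config.splitlines():
        m = re.match(r"aaa group server tacacs\+ (\S+)", line)
        if m:
            current = m.group(1)
            groups[current] = None
        elif current and line.startswith(" "):
            v = re.match(r"\s+ip vrf forwarding (\S+)", line)
            if v:
                groups[current] = v.group(1)
        else:
            current = None  # any unindented line closes the group block
    return groups

def audit(config):
    """Return (line, groups_used) for method lists that name no VRF-bound group."""
    bound = {g for g, vrf in vrf_groups(config).items() if vrf}
    findings = []
    for line in config.splitlines():
        if not re.match(r"aaa (authentication|authorization|accounting) ", line):
            continue
        used = re.findall(r"\bgroup (\S+)", line)
        if used and not set(used) & bound:
            findings.append((line, used))
    return findings

if __name__ == "__main__":
    for line, used in audit(CONFIG):
        print(f"uses {used}, not a VRF-bound group: {line}")
```

On the posted lines, only the `aaa authorization exec` list names `MYGROUP`; the login, enable and accounting lists are the ones reported.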
