New Member

AAA configuration on CAT 3750

Every time I enter the following AAA commands, my switch locks up.

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization console

aaa authorization config-commands

aaa authorization exec default group tacacs+ local

aaa authorization commands 0 default group tacacs+ local

aaa authorization commands 1 default group tacacs+ local

aaa authorization commands 15 default group tacacs+ local

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

aaa accounting system default stop-only group tacacs+

aaa session-id common

Accepted Solutions

Re: AAA configuration on CAT 3750

Your current session may indeed lock up if you were logged in via a local account that doesn't have an entry in TACACS, or just via the line password. First enable only authentication via TACACS, then log in again using a TACACS account, then add authorization.

8 REPLIES
New Member

Re: AAA configuration on CAT 3750

Do you have the TACACS server set up and responding? I don't see anything in the config displaying the TACACS server information.

As soon as you paste the config in, you can no longer enter commands without the tacacs server permitting you to do so.

New Member

Re: AAA configuration on CAT 3750

Yes, the TACACS server is up and running. I just did the same commands to my router and had no issues.

New Member

Re: AAA configuration on CAT 3750

Is the tacacs-server host x.x.x.x anywhere on the switch?

New Member

Re: AAA configuration on CAT 3750

Yes, here is my switch config.

New Member

Re: AAA configuration on CAT 3750

Please see the switch config I posted.

New Member

Re: AAA configuration on CAT 3750

Do you have any other switches you can try the config on?

Re: AAA configuration on CAT 3750

'tacacs-server directed-request' is generally considered to be a security risk and you shouldn't include it unless really necessary. Otherwise your config looks fine. Just apply the AAA config in the sequence I mentioned and also enable authentication on the console.
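A pre-change check for the points raised in this thread (missing tacacs-server host, authorization pasted before authentication is active, directed-request), as an added example that is not from any poster or from Cisco. The function name, finding codes and sample configs are constructed for illustration, and the local-username check is an added assumption based on the `local` fallback in the method lists.

```python
import re

# Constructed inputs: RUNNING is a hypothetical pre-change config, CHANGE is
# a trimmed copy of the block from the question plus directed-request.
RUNNING = """\
hostname sw1
enable secret 5 <placeholder>
line vty 0 4
 password <placeholder>
"""
CHANGE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
tacacs-server directed-request
"""

def _has(pattern: str, text: str) -> bool:
    """True if any config line (leading spaces ignored) matches pattern."""
    return re.search(r"(?m)^\s*" + pattern, text) is not None

def lockout_findings(running: str, change: str) -> list[str]:
    """Return finding codes for a candidate AAA change (empty list = none)."""
    merged = running + "\n" + change
    findings = []
    if _has(r"aaa .*group tacacs\+", change):
        # Method lists point at TACACS+ but no server is defined anywhere.
        # Only the legacy 'tacacs-server host' form from the thread is checked.
        if not _has(r"tacacs-server host \S+", merged):
            findings.append("no-tacacs-server-host")
        # Assumption: a 'local' fallback needs a local user to fall back to.
        if _has(r"aaa .*\blocal\b", change) and not _has(r"username \S+", merged):
            findings.append("local-fallback-without-username")
    # Accepted answer: authentication first, log in again, then authorization.
    if _has(r"aaa authorization ", change) and not _has(r"aaa authentication login ", running):
        findings.append("authorization-not-staged")
    if _has(r"tacacs-server directed-request", merged):
        findings.append("directed-request-enabled")
    return findings

if __name__ == "__main__":
    for code in lockout_findings(RUNNING, CHANGE):
        print(code)
```

An empty result only means the change is staged as the accepted answer describes; it cannot confirm that the TACACS+ server is reachable or that the account in use exists on it.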
