After configuring tacacs cannot access to cli
Gngogh
After configuring TACACS+ I cannot access through tacacs or telnet:
!
aaa new-model
!
!
aaa group server tacacs+ TACACS+CG
server [server ip address]
server [server ip address]
!
aaa authentication login default group TACACS+CG enable
aaa authentication enable default group TACACS+CG enable
aaa authorization exec default group TACACS+CG if-authenticated
aaa authorization commands 0 default group TACACS+CG if-authenticated
aaa authorization commands 1 default group TACACS+CG if-authenticated
aaa authorization commands 15 default group TACACS+CG if-authenticated
!
aaa session-id common
!
tacacs-server host [server ip address] timeout 3 key 7 [key]
tacacs-server host [server ip address] timeout 3 key 7 [key]
!
What am I doing wrong? Help is appreciated.
Comments
Hondabuff
I run my production network like this. I would probably not use the if-authenticated because if you cannot reach the ACS server then you get locked out. I use 2 privilege levels on my ACS: 7 and 15. 7 is for the NOC users and they only have a few show commands. Under my vty lines I use the R1(config-line)#authorization exec default. Once you test by SSH or telnet, the "P" in password will be lower case if TACACS is working and capital P if it is not.
password: vs Password:
!
aaa new-model
!
!
aaa authentication login default group tacacs+ line
aaa authorization exec default group tacacs+ local none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
tacacs-server host 192.168.1.5 key Cisco123!
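An added example, not part of any post in this thread: a small Python check that reads IOS `aaa authentication` and `aaa authorization` method lists, finds the first method that does not depend on a server group, and reports whether the device-local credential that fallback relies on appears in the config. The sample input is constructed from the method lists in the question, and the prerequisite patterns (enable secret, line password, username) are assumptions of this example.

```python
import re

# Constructed sample: the question's method lists; assumes (for illustration)
# that no enable secret, username or line password exists on the device.
SAMPLE = """\
aaa new-model
aaa group server tacacs+ TACACS+CG
aaa authentication login default group TACACS+CG enable
aaa authentication enable default group TACACS+CG enable
aaa authorization exec default group TACACS+CG if-authenticated
"""

AAA_LINE = re.compile(
    r"^aaa (authentication|authorization) (login|enable|exec|commands \d+) (\S+) (.+)$")

# Assumed patterns for the device-local credential each fallback relies on.
PREREQ = {
    "enable": r"^enable (secret|password) ",
    "line": r"^[ \t]+password ",
    "local": r"^username \S+",
}

def method_lists(config):
    """Yield (list id, ordered methods); 'group NAME' stays one method."""
    for raw in config.splitlines():
        m = AAA_LINE.match(raw.strip())
        if m:
            methods = re.findall(r"group \S+|\S+", m.group(4))
            yield f"{m.group(1)} {m.group(2)} {m.group(3)}", methods

def audit(config):
    """Report, per method list, what is left once the server groups time out."""
    findings = {}
    for name, methods in method_lists(config):
        local = [x for x in methods if not x.startswith("group ")]
        need = PREREQ.get(local[0]) if local else None
        if not local:
            findings[name] = "no fallback after the server group"
        elif need and not re.search(need, config, re.M):
            findings[name] = f"fallback '{local[0]}' has no credential configured"
        else:
            findings[name] = f"fallback '{local[0]}'"
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(f"{name}: {finding}")
```

Run it against the full running-config, including the `line con 0` and `line vty` sections, so the line-password and username checks see the whole device configuration.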
DCD
What is your console and VTY configuration?
d4nz1g
deb aaa authen is always helpful