AAA tacacs+ help
I currently have RADIUS set up in a test lab and I am trying to move over to TACACS+.
I have already added the devices to CiscoSecure ACS (10.10.1.1) and set the AAA client IP address (192.168.60.2). The key is the same on the ACS and in the router config, and I specified Authentication using TACACS+ on the ACS.
Authentication works well when using RADIUS, but I haven't gotten it to work with TACACS+.
All RADIUS commands have been removed from the config.
The router is a 2821. advipservicesk9-mz.124-3g.bin
Here is what I have:
aaa authentication login bz group tacacs+ local
tacacs-server host 10.10.1.1
tacacs-server key test123
ip tacacs source-interface serial0/0/0(192.168.60.2)
line vty 0 4
 login authentication bz
line vty 5 15
 login authentication bz
Any help will be greatly appreciated.
Comments
kryolla Member Posts: 785
Your AAA config looks right. Are you able to log in via the local database? If so, then your router isn't communicating with the ACS, so I would check that. If you are getting a failed login message via ACS, then I would check your user config on ACS. Usually your source interface will be a loopback. Debug AAA on your router and see where it is failing. HTH
Studying for CCIE and drinking Home Brew
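
The checks discussed in this thread (method list applied to the vty lines, server and key defined, loopback source interface), written as a small config audit. This is an added example, not code from the original posts or from Cisco; the function name `audit_tacacs_config` and the choice of checks are assumptions, and the sample is the question's excerpt with the parenthetical IP annotation dropped.

```python
import re

# Constructed sample: the configuration excerpt from the question, with the
# poster's "(192.168.60.2)" annotation dropped so it parses as IOS syntax.
SAMPLE_CONFIG = """\
aaa authentication login bz group tacacs+ local
tacacs-server host 10.10.1.1
tacacs-server key test123
ip tacacs source-interface serial0/0/0
line vty 0 4
 login authentication bz
line vty 5 15
 login authentication bz
"""

def audit_tacacs_config(text):
    """Return a list of findings for a TACACS+ login configuration excerpt."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    findings = []
    # AAA commands only take effect once the AAA subsystem is enabled.
    if "aaa new-model" not in lines:
        findings.append("aaa new-model not present in excerpt")
    # Map each named login method list to its ordered methods.
    lists = {}
    for l in lines:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2)
    applied = {l.split()[-1] for l in lines if l.startswith("login authentication ")}
    for name in sorted(applied):
        methods = lists.get(name)
        if methods is None:
            findings.append(f"method list '{name}' applied to a line but not defined")
            continue
        if "group tacacs+" not in methods:
            findings.append(f"method list '{name}' does not use group tacacs+")
        if methods.split()[-1] not in ("local", "enable"):
            findings.append(f"method list '{name}' has no local fallback")
    if not any(l.startswith("tacacs-server host ") for l in lines):
        findings.append("no tacacs-server host defined")
    if not any(l.startswith("tacacs-server key ") for l in lines):
        findings.append("no tacacs-server key defined")
    # The source interface decides which IP the ACS sees as the AAA client.
    src = [l.split()[-1] for l in lines if l.startswith("ip tacacs source-interface ")]
    if not src:
        findings.append("no ip tacacs source-interface; source IP follows the egress interface")
    elif not src[0].lower().startswith("lo"):
        findings.append(f"source interface {src[0]} is not a loopback")
    return findings

if __name__ == "__main__":
    for finding in audit_tacacs_config(SAMPLE_CONFIG):
        print("-", finding)
```

A missing `aaa new-model` finding only means the line is absent from the pasted excerpt. If the source interface is moved to a loopback, the AAA client address on the ACS has to be changed to the loopback's IP to match.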