Can TACACS config interfere with EIGRP?

I have enabled TACACS aaa model on one of the routers and EIGRP is not peering with it. I have 2 other routers peering with this router, and 2 others with aaa and the 2 running aaa will not peer.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

networker050184

It shouldn't interfere. Post some configs up and let us see what you are working with.

flipmad

networker050184 wrote: »

It shouldn't interfere. Post some configs up and let us see what you are working with.

I am just awaiting the config on the remote routers. As soon as I get it I will post it up. Thanks man

networker050184

Nothing jumps out at me as wrong. I'm assuming these are both plugged into a switched network? Can they ping each others LAN interface? If not double check VLAN assignments.

flipmad

ironically the routers can ping eachother. My only concern is the aaa is somehow interfering.

We are going to have further engineering discussions. Once we figure it out i will definitely let you know.

by the way, i appreciate your feedback in the forums over the years. you have always been a reliable reference in these forums.

mikej412

blake15 wrote: »

I have 2 other routers peering with this router, and 2 others with aaa and the 2 running aaa will not peer.

Are any of those routers also running VPN tunnels?

Is this production (real hardware) or lab (real hardware or simulator/emulator)?

If this is a lab, try the debug ip routing command.

networker050184

I highly doubt its the AAA messing things up. It might be the tunnels causing some kind of weird stuff to happen like Mike is getting at. Thats the only thing I can think of really. Or maybe some kind of filtering somewhere....

Can we get a show ip route from the two routers?

flipmad

They are production routers. We removed the AAA config and it made no difference. They actually have a Cisco switch between the routers and we are starting to think that this may be causing the problem. My sh route is going to be miles long because the tunnel is atually peering with an HQ router. But we have this exact same config (different IPs) on another router with VPN and it peers with the tunnel and with their router. The only difference is the switch in between. Unfortunately Router 2 and the switch are not managed by us so hopefully i will have some additional info for all of you shortly

jason_lunde

You could always try to use the neighbor statement instead of the network statement under the eigrp process. Could be a multicast issue on that lan segment.

networker050184

jason_lunde wrote: »

You could always try to use the neighbor statement instead of the network statement under the eigrp process. Could be a multicast issue on that lan segment.

Be careful with this command if you try it though. It stops the router from processing all EIGRP multicast packets on that interface. So if you have other neighbors on there they will drop out unless you put statements for them also.

jason_lunde

networker050184 wrote: »

Be careful with this command if you try it though. It stops the router from processing all EIGRP multicast packets on that interface. So if you have other neighbors on there they will drop out unless you put statements for them also.

Good catch...probably should have mentioned that

flipmad

Just wanted to let you know that we figured this out (a long time ago, but I just forgot to re-post). There was a non-cisco switch that was blocking multi-cast traffic.

captobvious

That would do it!