Sometimes enable on CAT6509

• Next message: Joe Lin: "[nsp] Maximum sub-interfaces per port"
• Previous message: Hank Nussbacher: "Re: [nsp] effect of ACL on cisco 7500 routers"
• Next in thread: Robert Frånberg: "Sometimes enable on CAT6509"
• Maybe reply: Robert Frånberg: "Sometimes enable on CAT6509"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Has anyone experienced a sporadic authorization failure to a Catalyst 6509,
using TACACS+?
We have found that sometimes you have to do a login attempt up to 6(six)
times to get an enable prompt.

This works perfectly when using IOS based equipment, (routers AND switches)
Tacacs server is

Form the FREEtacacs server:
------------------------------------------

user = admin {
         default service = permit
         login = des xxxxxxxxxxxx
         service = exec {
                 priv-lvl = 15
         }
}

 From the Catalyst 6509
----------------------------------

WS-C6509 Software, Version NmpSW: 6.1(1b)
Copyright (c) 1995-2000 by Cisco Systems
NMP S/W compiled on Nov 9 2000, 22:11:25

set tacacs server xxx.xxx.xxx.xxx
set tacacs attempts 3
set tacacs directedrequest disable
set tacacs key <secret>
set tacacs timeout 10

#authentication
set authentication login tacacs enable console primary
set authentication login tacacs enable telnet primary
set authentication login tacacs disable http
set authentication enable tacacs enable console primary
set authentication enable tacacs enable telnet primary

--------------------------------------------------------------------------------------------------------

Robert Frånberg E-Mail: robert.franberg@it.su.se
                        
Stockholms universitet Tel: 08 - 674 7594
Enheten för IT och media Mobil: 070- 620 7594
106 91 Stockholm

• Next message: Joe Lin: "[nsp] Maximum sub-interfaces per port"
• Previous message: Hank Nussbacher: "Re: [nsp] effect of ACL on cisco 7500 routers"
• Next in thread: Robert Frånberg: "Sometimes enable on CAT6509"
• Maybe reply: Robert Frånberg: "Sometimes enable on CAT6509"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:11:55 EDT