[c-nsp] Tacacs problem - 2950

Paul Stewart pstewart at nexicomgroup.net
Tue Nov 28 10:39:41 EST 2006


We are moving towards total Tacacs+ implementation here and many devices
are cut over and working fine...

My first 2950-T switch came up in the list and I'm having problems
getting it to work and not sure why...

aaa new-model
aaa authentication login default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 2 default start-stop group tacacs+
aaa accounting commands 3 default start-stop group tacacs+
aaa accounting commands 4 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
tacacs-server host xxx.xxx.xxx.181 timeout 5
tacacs-server key 7 XXXXXXXXXXXXXXXXXXXXXXXX

line vty 0 4
 password 7 XXXXXXXXXXXXXXXXXXXX
line vty 5 10
 password 7 XXXXXXXXXXXXXXXXXXXX


It won't prompt for username, only for password - and the password it
accepts via telnet is the enable password itself.  The password entry on
the "line vty 0 4" is not used but without it I cannot login at all...

this is the same config I've used on 6500's, GSR's and even 2924
switches... trying to figure out what makes the 2950 different...;)

Thanks,

Paul



More information about the cisco-nsp mailing list