[c-nsp] Very Strange AAA behaviour in a 3750 stack

luismi asturluismi at gmail.com
Thu Aug 7 11:46:34 EDT 2008 

Hi Leif,

Are you able to use the Tacacs credentials in the conosole port and with
telnet?

I am only albe to use tacacs credentials using ssh.

Telnet just works only if I have another session opened throught ssh.

Console access don't work with Tacacs but I didn't chech it yet.


El jue, 07-08-2008 a las 07:09 -0800, Leif Sawyer escribió:
> Here's the AAA config on my 3750, which seems to work fine:
> 
> aaa new-model
> aaa group server tacacs+ Cisco_secure
>  server 192.168.4.22
> !
> aaa authentication login default group Cisco_secure enable
> aaa authentication enable default enable
> aaa authorization exec default group Cisco_secure none
> aaa authorization commands 15 default group Cisco_secure none
> aaa authorization network default group Cisco_secure none
> aaa accounting send stop-record authentication failure
> aaa accounting exec default start-stop group Cisco_secure
> aaa accounting commands 1 default stop-only group Cisco_secure
> aaa accounting commands 15 default stop-only group Cisco_secure
> aaa accounting network default start-stop group Cisco_secure
> aaa accounting connection default start-stop group Cisco_secure
> aaa accounting system default stop-only group Cisco_secure
> !
> aaa session-id common
> 
> 
> > -----Original Message-----
> > From: cisco-nsp-bounces at puck.nether.net 
> > [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of luismi
> > Sent: Thursday, August 07, 2008 5:10 AM
> > To: Nic Tjirkalli
> > Cc: cisco-nsp at puck.nether.net
> > Subject: Re: [c-nsp] Very Strange AAA behaviour in a 3750 stack
> > 
> > Hi,
> > 
> > I tried the changes you told me, same result.
> > 
> > El jue, 07-08-2008 a las 13:52 +0200, Nic Tjirkalli escribió:
> > > aaa authorization commands 1 default local group tacacs+ 
> > > if-authenticated aaa authorization commands 15 default local group 
> > > tacacs+ if-authenticated
> > 
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net 
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list