[c-nsp] Catalyst 2960G & Tacacs

DAVID Sébastien sdavid at ecritel.net
Mon May 19 12:08:51 EDT 2008


Thanks for the help,

But my configuration is OK with the Cisco 2950; only with the 2960 do I have a problem. This is my AAA configuration:

aaa authentication login telnet group tacacs+ local
aaa authentication login console group tacacs+ local
aaa authentication enable default group tacacs+ enable
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa authorization exec default if-authenticated
aaa authorization config-commands
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+


tacacs-server host x.x.x.x timeout 1

line console 0
 login authentication console
line vty 0 4
 logging synchronous
 login authentication telnet
 transport input ssh

-----Original Message-----
From: A.L.M.Buxey at lboro.ac.uk [mailto:A.L.M.Buxey at lboro.ac.uk]
Sent: Monday, May 19, 2008 18:05
To: DAVID Sébastien
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Catalyst 2960G & Tacacs

Hi,
> Hi,
>
> I ran into some difficulties setting up my 2960G switch with TACACS. I have configured a local username and set an authentication list as follows:

you need to configure the groups for it to use local if server fails.

eg

aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+

tacacs-server host 192.168.1.0
tacacs-server host 192.168.0.255
tacacs-server key 7 <crackable secret>


alan
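
An added example, not part of either message: a small Python check for the point made in the quoted reply, that a login method list needs a fallback method after `group tacacs+`, and that each line's `login authentication` binding should name a list that exists. The `mgmt` list and the `line vty 5 15` binding are constructed for illustration; the other sample lines are taken from the configuration posted above.

```python
import re

# Constructed sample: the two login lists and line bindings from the thread,
# plus a hypothetical "mgmt" list and a hypothetical "line vty 5 15" binding.
SAMPLE = """\
aaa authentication login telnet group tacacs+ local
aaa authentication login console group tacacs+ local
aaa authentication login mgmt group tacacs+
line console 0
 login authentication console
line vty 0 4
 login authentication telnet
line vty 5 15
 login authentication ssh-only
"""

def parse(config):
    """Return ({list name: [methods]}, {line: bound list name})."""
    lists, bindings, line = {}, {}, None
    for raw in config.splitlines():
        text = raw.strip()
        if m := re.match(r"aaa authentication login (\S+)\s+(.+)", text):
            # "group tacacs+" is a single method, so join it into one token.
            lists[m.group(1)] = re.sub(r"group\s+", "group:", m.group(2)).split()
        elif text.startswith("line "):
            line = text
        elif line and (m := re.match(r"login authentication (\S+)", text)):
            bindings[line] = m.group(1)
    return lists, bindings

def audit(config):
    """Return sorted (finding, subject) tuples for the parsed config."""
    lists, bindings = parse(config)
    findings = []
    for name, methods in lists.items():
        # IOS moves to the next method only when the current one errors out
        # (server unreachable), so a list ending in a server group has no
        # way in while the TACACS+ server is down.
        if methods[-1].startswith("group:"):
            findings.append(("no-fallback", name))
    for line, name in bindings.items():
        if name not in lists:
            findings.append(("undefined-list", f"{line} -> {name}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, subject in audit(SAMPLE):
        print(f"{kind}: {subject}")
```
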

