[c-nsp] tacacs+ an nexus 5010

Arne Larsen / Region Nordjylland arla at rn.dk
Wed Jul 1 02:08:21 EDT 2009


No, it should be right. My problem is that if I do a tcpdump on the tacacs+ server I don't see anything from the nexus.
It's like it doesn't leave the box at all.

/Arne

-----Original Message-----
From: chris at lavin-llc.com [mailto:chris at lavin-llc.com]
Sent: 30 June 2009 23:34
To: cisco-nsp at puck.nether.net; Arne Larsen / Region Nordjylland
Subject: Re: [c-nsp] tacacs+ an nexus 5010

On Tue Jun 30 13:47, Arne Larsen / Region Nordjylland sent:

>Hi all.
>
>Can someone help me out here?
>I'm having trouble getting tacacs+ to work on a nexus 5010.
>Whenever I'm trying to access the nexus the debug prints: Skipping DEAD TACACS+ server 10.0.100.233
>I can ping and telnet to the tac-server from the nexus. Am I missing something in my config?
>
>my conf.
>
>vrf context management
>  ip name-server 10.2.4.63 10.2.4.64 10.2.4.65
>ip host aasnxu1 10.2.8.14
>ip host helios 10.0.100.233
>tacacs-server key 7 "xxxxxxxxx"
>tacacs-server host 10.0.100.233
>aaa group server tacacs+ REG_TAC
>    server 10.0.100.233
>    deadtime 5
>    use-vrf management
>aaa authentication login default group REG_TAC
>aaa authentication login error-enable
>tacacs-server directed-request
>vrf context management
>  ip route 0.0.0.0/0 10.2.8.1
>
>
>
>aasnxu1# sh tacacs-server
>Global TACACS+ shared secret:********
>timeout value:5
>deadtime value:0
>total number of servers:1
>
>following TACACS+ servers are configured:
>        10.0.100.233:
>                available on port:49
>
>following TACACS+ server groups are configured:
>        group REG_TAC:
>                server 10.0.100.233 on port 49
>                deadtime is 5
>                vrf is management
>

Is there a chance you have a mismatched TACACS key?

-chris


