[c-nsp] VRF and Tacas

Ziv Leyes zivl at gilat.net
Thu Mar 17 03:03:45 EDT 2011


Could you post your line vty configuration?


-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Judith Sanders
Sent: Wednesday, March 16, 2011 10:03 PM
To: 'cisco-nsp at puck.nether.net'
Subject: [c-nsp] VRF and Tacas

I am trying to configure my ASR 1006 to use TACACS+ via my vrf interface, which is my gigabitethernet 0 interface.  We use this only for management.  I can ping the TAC server from my vrf, but it will not authenticate against it.  Here is what I have-

interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.x.x.x  x.x.x.x
negotiation auto

aaa authentication login default group tacacs+ local aaa authorization exec default group tacacs+ if-authenticated aaa accounting exec default start-stop group tacacs+ aaa accounting commands 0 default start-stop group tacacs+ aaa accounting commands 1 default start-stop group tacacs+ aaa accounting commands 15 default start-stop group tacacs+ aaa accounting connection default start-stop group tacacs+

ip tacacs source-interface GigabitEthernet0 tacacs-server host 172.x.x.x tacacs-server host 172.x.x.x tacacs-server directed-request tacacs-server key x.x.x.x

I can ping the TAC server from my vrf- and here are my debugs-I am not successful.


Mar 16 14:52:20: TPLUS: processing authentication start request id 606 Mar 16 14:52:20: TPLUS: Authentication start packet created for 606(jasanders) Mar 16 14:52:20: TPLUS: Using server 172.16.1.124 Mar 16 14:52:20: TPLUS(0000025E)/0/NB_WAIT/4DB519C0: Started 5 sec timeout Mar 16 14:52:25: TPLUS(0000025E)/0/NB_WAIT/4DB519C0: timed out Mar 16 14:52:25: TPLUS: Choosing next server 172.16.1.134 Mar 16 14:52:25: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: Started 5 sec timeout Mar 16 14:52:25: TPLUS(0000025E)/4DB519C0: releasing old socket 0 Mar 16 14:52:30: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: timed out Mar 16 14:52:30: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: timed out, clean up Mar 16 14:52:30: TPLUS(0000025E)/1/4DB519C0: Processing the reply packet Mar 16 14:52:38: TPLUS: Queuing AAA Authentication request 606 for processing Mar 16 14:52:38: TPLUS: processing authentication start request id 606 Mar 16 14:52:38: TPLUS: Authentication start packet created for 606(jasanders) Mar 16 14:52:38: TPLUS: Using server 172.16.1.124 Mar 16 14:52:38: TPLUS(0000025E)/0/NB_WAIT/4DB519C0: Started 5 sec timeout Mar 16 14:52:43: TPLUS(0000025E)/0/NB_WAIT/4DB519C0: timed out Mar 16 14:52:43: TPLUS: Choosing next server 172.16.1.134 Mar 16 14:52:43: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: Started 5 sec timeout Mar 16 14:52:43: TPLUS(0000025E)/4DB519C0: releasing old socket 0 Mar 16 14:52:48: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: timed out Mar 16 14:52:48: TPLUS(0000025E)/1/NB_WAIT/4DB519C0: timed out, clean up



Thanks,
Judith Sanders
Pioneer Telephone
Inside Plant Networking Services
jasanders at ptci.com




***************************
This email message and any files transmitted with it are intended solely for the use of the individual or entity  for whom it is addressed.  It may contain confidential and privileged information. If you are not the intended recipient, please contact the sender and destroy all paper and electronic copies of this message and its contents.  Any unauthorized review, use, disclosure or distribution of this email or any file attachments is strictly prohibited.
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

 
 
************************************************************************************
This footnote confirms that this email message has been scanned by PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************




The information contained in this e-mail message and its attachments is confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender, and then delete the message from your computer.  Thank you!

******** This mail was sent via Mail-SeCure System.********



 
 
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************






More information about the cisco-nsp mailing list