[c-nsp] Tacacs+ problem in cisco 7507

Aaron dudepron at gmail.com
Tue Nov 15 13:33:38 EST 2011


You are complaining about the previous standard console connector? You
do know how old that router is, don't you?
Just giving the "aaa new-model" command does not cause the router to
start using tacacs. You need to put in the rest of the config and
you need to be careful in the order or you may find yourself locked
out before you have finished.
I've always taken the aaa config and copied it to the disk on the
router using ftp/sftp. Then done a copy disk0:filename to running to
avoid that.

Aaron

On Tue, Nov 15, 2011 at 03:28, Ambedkar <p.ambedkar at gmail.com> wrote:
> Hi, thanks for the information.
> Actually what happened is, I have configured the router for the TACACS in
> the router and it was running properly.
> After that the TACACS server had some different problems, and it was
> switched off. So I have disabled the TACACS in the router giving the
> command "no aaa new-model"; if we give this command, all commands related to
> TACACS will disappear. When we want to activate the service, just give
> the command "aaa new-model". So, I have given this command, and I thought
> all other commands were also activated (generally it happens).
> But those commands were deleted, and the router is going to TACACS server
> for authentication.
> So, somehow I logged in to the router (remote router) with console, and I
> configured the necessary commands; presently it is working.
>
> But my question is, if the necessary commands are not there, then why
> should the router try for TACACS server? This is very dangerous.
> And moreover the cisco 7507 router has a different console interface, i.e., DB25
> connector, which is not normally available.
>
> Any way, thanks for the replies.
> Bye.
> Ambi
>
> On Mon, Nov 14, 2011 at 8:00 PM, Rick Burts <r.burts at earthlink.net> wrote:
>
>> Perhaps the first thing to do is to check the logs on the
>> TACACS server. Is the server seeing the request? If the
>> server is seeing the request and is denying then there should
>> be a reason given in the log record.
>>
>> There are a number of things that could cause this kind of
>> problem. You might check these:
>> - is there IP connectivity between the router and the TACACS
>> server?
>> - is it possible that the TACACS requests are being filtered
>> out by some access list or firewall on the path to the server?
>> - is it possible that the shared key between the router and the
>> server is not correct?
>> - does the server have the correct configuration for the router
>> as a client?
>> - is the router sourcing the request from the address that the
>> server is expecting?
>>
>> HTH
>>
>> Rick
>>
>>
>> On 11/14/2011 12:14 AM, Ambedkar wrote:
>>
>>> Hi,
>>> I configured the tacacs+ in the cisco 7507. But when I am connecting and
>>> entering the USERNAME and PASSWORD, it says authentication failed.
>>> Other devices are working with the same configuration.
>>> I intentionally killed the tac_plus application, even though it is asking
>>> the USERNAME and PASSWORD.
>>>
>>> Please help me.
>>> bye.
>>> _______________________________________________
>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
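
Added example, not part of the original thread: a pre-flight check run on a staged AAA snippet before it is copied to the running config, the approach Aaron describes above. What counts as "the rest of the config" here (a fallback method next to `group tacacs+`, a local username, an enable secret, a TACACS+ server entry) is an assumption of this example; `preflight` and both sample snippets are constructed.

```python
import re

# Methods IOS can use when the TACACS+ server does not answer at all.
FALLBACKS = {"local", "local-case", "enable", "line", "none"}

def preflight(config_text):
    """Return lockout risks found in a staged IOS AAA snippet (empty list = none found)."""
    lines = [s.strip() for s in config_text.splitlines()]
    lines = [s for s in lines if s and not s.startswith("!")]
    has_user = any(s.startswith("username ") for s in lines)
    has_enable = any(re.match(r"enable (secret|password) ", s) for s in lines)
    has_server = any(re.match(r"tacacs-server host |tacacs server ", s) for s in lines)
    problems = []
    if "aaa new-model" not in lines:
        problems.append("aaa new-model is missing")
    lists = [m.groups() for s in lines
             if (m := re.match(r"aaa authentication login (\S+) (.+)$", s))]
    if not lists:
        problems.append("no 'aaa authentication login' method list")
    for name, rest in lists:
        methods = rest.split()
        if "tacacs+" in methods:  # only the built-in tacacs+ group is checked
            if not has_server:
                problems.append(f"list {name}: tacacs+ used but no server defined")
            if not FALLBACKS & set(methods):
                problems.append(f"list {name}: no fallback if the server is unreachable")
        if {"local", "local-case"} & set(methods) and not has_user:
            problems.append(f"list {name}: local fallback but no username line")
        if "enable" in methods and not has_enable:
            problems.append(f"list {name}: enable fallback but no enable secret")
    return problems

# Constructed sample snippets; addresses and secrets are placeholders.
RISKY = """
aaa new-model
aaa authentication login default group tacacs+
"""
SAFE = """
username admin privilege 15 secret PLACEHOLDER
enable secret PLACEHOLDER
aaa new-model
tacacs-server host 192.0.2.10
tacacs-server key PLACEHOLDER
aaa authentication login default group tacacs+ local enable
"""

if __name__ == "__main__":
    for label, text in (("RISKY", RISKY), ("SAFE", SAFE)):
        print(label, preflight(text) or "no lockout risks found")
```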


