[c-nsp] Tacacs+ problem in cisco 7507
Ambedkar
p.ambedkar at gmail.com
Tue Nov 15 23:14:33 EST 2011
Yeah Oli, this is what I mean. Previously also I have done like this and it
worked well.
Anyway, thanks for the support.
Bye.
Ambi.
On Wed, Nov 16, 2011 at 12:33 AM, Oliver Boehmer (oboehmer) <
oboehmer at cisco.com> wrote:
>
> > Just giving the "aaa new-model" command does not cause the router to
> > start using tacacs
>
> Well, if Ambi had tacacs enabled before, it would actually restore the
> previous AAA config (assuming no reload took place in the meantime). Just
> checked with 12.2SRD
>
> R1(config)#do show run | i tac|aaa
> aaa new-model
> aaa authentication login default group tacacs+ local
> aaa authorization exec default group tacacs+ local
> aaa session-id common
> tacacs-server host 1.1.1.1
> tacacs-server key cisco
>
> R1(config)#no aaa new-model
> R1(config)#do show run | i tac|aaa
> no aaa new-model
> tacacs-server host 1.1.1.1
> tacacs-server key cisco
>
> R1(config)# aaa new-model
> R1(config)#do show run | i tac|aaa
> aaa new-model
> aaa authentication login default group tacacs+ local
> aaa authorization exec default group tacacs+ local
> aaa session-id common
> tacacs-server host 1.1.1.1
> tacacs-server key cisco
> R1(config)#
>
> not sure if this is what Ambi meant, but just for info..
>
> oli
>
> > Aaron
> >
> > On Tue, Nov 15, 2011 at 03:28, Ambedkar <p.ambedkar at gmail.com> wrote:
> > > Hi, thanks for the information.
> > > Actually what happened is, I have configured the router for TACACS
> > > and it was running properly.
> > > After that the TACACS server had some different problems, and it was
> > > switched off. So I disabled TACACS in the router by giving the
> > > command "no aaa new-model"; if we give this command, all commands
> > > related to TACACS will disappear. When we want to activate the service,
> > > we just give the command "aaa new-model". So, I gave this command, and
> > > I thought all other commands were also activated (generally it happens).
> > > But those commands were deleted, and the router is going to the TACACS
> > > server for authentication.
> > > So, somehow I logged in to the router (remote router) with the console,
> > > and I configured the necessary commands; presently it is working.
> > >
> > > But my question is, if the necessary commands are not there, then why
> > > should the router try the TACACS server? This is very dangerous.
> > > And moreover the Cisco 7507 router has a different console interface,
> > > i.e., a DB25 connector, which is not normally available.
> > >
> > > Anyway, thanks for the replies.
> > > Bye.
> > > Ambi
> > >
> > > On Mon, Nov 14, 2011 at 8:00 PM, Rick Burts <r.burts at earthlink.net> wrote:
> > >
> > >> Perhaps the first thing to do is to check the logs on the
> > >> TACACS server. Is the server seeing the request? If the
> > >> server is seeing the request and is denying then there should
> > >> be a reason given in the log record.
> > >>
> > >> There are a number of things that could cause this kind of
> > >> problem. You might check these:
> > >> - is there IP connectivity between the router and the TACACS
> > >> server?
> > >> - is it possible that the TACACS requests are being filtered
> > >> out by some access list or firewall on the path to the server?
> > >> - is it possible that the shared key between the router and the
> > >> server is not correct?
> > >> - does the server have the correct configuration for the router
> > >> as a client?
> > >> - is the router sourcing the request from the address that the
> > >> server is expecting?
> > >>
> > >> HTH
> > >>
> > >> Rick
> > >>
> > >>
> > >> On 11/14/2011 12:14 AM, Ambedkar wrote:
> > >>
> > >>> Hi,
> > >>> I configured the tacacs+ in the cisco 7507. But when I am connecting
> > >>> and entering the USERNAME and PASSWORD, it says authentication failed.
> > >>> Other devices are working with the same configuration.
> > >>> I intentionally killed the tac_plus application, even though it is
> > >>> asking the USERNAME and PASSWORD.
> > >>>
> > >>> Please help me.
> > >>> bye.
> > >>> _______________________________________________
> > >>> cisco-nsp mailing list cisco-nsp at puck.nether.net
> > >>> https://puck.nether.net/mailman/listinfo/cisco-nsp
> > >>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >>>
>
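
An added example, not part of the thread or any poster's code: a Python check over two `show run | i tac|aaa` snapshots, taken before `no aaa new-model` and after `aaa new-model`, that reports lines that did not come back and method lists that use tacacs+ with no fallback method. The snapshot text is constructed, the function names are hypothetical, and only the legacy `tacacs-server host` form shown in the thread is recognized.

```python
import re

# Constructed snapshots in the `show run | i tac|aaa` format used in the thread.
BEFORE = """\
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa session-id common
tacacs-server host 1.1.1.1
tacacs-server key cisco
"""
# Constructed "after" snapshot: the exec authorization list is gone and the
# login list has no fallback method.
AFTER = """\
aaa new-model
aaa authentication login default group tacacs+
aaa session-id common
tacacs-server host 1.1.1.1
tacacs-server key cisco
"""

METHOD_LIST = re.compile(r"^aaa (authentication login|authorization exec) (\S+) (.+)$")


def config_lines(text):
    """Return stripped config lines, skipping blanks and CLI prompt lines."""
    lines = [raw.strip() for raw in text.splitlines()]
    return [l for l in lines if l and "#" not in l.split()[0]]


def audit(before, after):
    """Diff two snapshots and flag TACACS+ lockout risks in the later one."""
    old, new = config_lines(before), config_lines(after)
    findings = [f"missing after re-enable: {l}" for l in old if l not in new]
    has_server = any(l.startswith("tacacs-server host ") for l in new)
    for line in new:
        m = METHOD_LIST.match(line)
        if not m or "tacacs+" not in m.group(3).split():
            continue
        kind, name, methods = m.group(1), m.group(2), m.group(3).split()
        # Methods listed after tacacs+ are tried only when the server does
        # not respond; an empty tail means no way in while it is down.
        if not methods[methods.index("tacacs+") + 1:]:
            findings.append(f"no fallback method: {kind} {name}")
        if not has_server:
            findings.append(f"tacacs+ used but no server defined: {kind} {name}")
    return findings


if __name__ == "__main__":
    for finding in audit(BEFORE, AFTER):
        print(finding)
```

Running the check from an existing session before logging out, after any change that toggles `aaa new-model`, catches the lockout while console access is not yet needed.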