TACAC+ configure

Hi all,
did you used to configure TACACS+ with cisco N3K ? we try but when we telnet it still use local database user.
any suggestion plz help share.

Hello Titya

The only thing I can suggest at this point is to verify that your configuration is correct using this Cisco documentation for the specific requirements.

By default, the local database is used. Make sure you have indicated the location of the TACACS server and have placed that first in the aaa authorization command.

I hope this has been helpful!


Hello lagapides,
our config as below but this time we can not remote to N3K both local and tacacs+ server
available only console. any help ?

feature tacacs+ 
tacacs-server host x.x.x.x
tacacs-server key xxxxxx
tacacs-server timeout 30
tacacs-server deadtime 1

aaa group server tacacs+ abc
aaa authentication login default group today
aaa authentication login console local 
aaa authorization config-commands default group abc local
aaa authorization commands default group today local
aaa accounting default group abc

One thing I see in your config is that you configure group “abc” and then specify group “today” :

aaa group server tacacs+ abc
aaa authentication login default group today

If you want to troubleshoot this, debugging is very helpful:

NX1# debug aaa ?
  aaa-requests  Aaa request debug
  all           Enable all the debug flags
  conf-events   Aaa configuration events
  errors        Aaa errors
  events        Aaa events debug
  mts           Configure Tx/Rx packets of MTS

Set it to “all” and you’ll probably see an error message when you attempt to authenticate.

For group name i already correct it.