Hi all,
Have you ever configured TACACS+ on a Cisco N3K? We tried, but when we telnet in, it still uses the local database user.
Any suggestions? Please help and share.
Hello Titya
The only thing I can suggest at this point is to verify that your configuration is correct using this Cisco documentation for the specific requirements.
By default, the local database is used. Make sure you have indicated the location of the TACACS server and have placed that first in the aaa authorization command.
I hope this has been helpful!
Laz
Hello lagapides,
Our config is below, but this time we cannot remote into the N3K with either the local or the TACACS+ server users; only the console is available. Any help?
feature tacacs+
tacacs-server host x.x.x.x
tacacs-server key xxxxxx
tacacs-server timeout 30
tacacs-server deadtime 1
aaa group server tacacs+ abc
aaa authentication login default group today
aaa authentication login console local
aaa authorization config-commands default group abc local
aaa authorization commands default group today local
aaa accounting default group abc
One thing I see in your config is that you configure group “abc” and then specify group “today”:
aaa group server tacacs+ abc
aaa authentication login default group today
If you want to troubleshoot this, debugging is very helpful:
NX1# debug aaa ?
  aaa-requests  Aaa request debug
  all           Enable all the debug flags
  conf-events   Aaa configuration events
  errors        Aaa errors
  events        Aaa events debug
  mts           Configure Tx/Rx packets of MTS
Set it to “all” and you’ll probably see an error message when you attempt to authenticate.
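The group-name mismatch pointed out above can be caught before a change locks out remote logins. The following is an added example, not part of the original thread or any Cisco tooling: a small offline check that every server group referenced by an `aaa` method list is defined and has at least one member. The function name `audit_aaa_groups` and the keyword set are assumptions made for illustration; the sample input is the configuration as posted.

```python
import re

# Sample input: the configuration as posted in the thread (host and key masked there).
SAMPLE_CONFIG = """\
feature tacacs+
tacacs-server host x.x.x.x
tacacs-server key xxxxxx
tacacs-server timeout 30
tacacs-server deadtime 1
aaa group server tacacs+ abc
aaa authentication login default group today
aaa authentication login console local
aaa authorization config-commands default group abc local
aaa authorization commands default group today local
aaa accounting default group abc
"""

# Assumption: tokens after "group" that are methods or built-in groups, not user-defined names.
NOT_CUSTOM_GROUPS = {"local", "none", "tacacs+", "radius", "ldap"}

def audit_aaa_groups(config):
    """Return (line_no, group, problem) for method lists using undefined or empty groups."""
    defined, current, references = {}, None, []
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = re.match(r"aaa group server \S+ (\S+)$", line)
        if m:  # start of a server-group definition
            current = m.group(1)
            defined[current] = []
            continue
        if current and raw[:1].isspace() and line.startswith("server "):
            defined[current].append(line.split()[1])  # indented member of the open group
            continue
        current = None
        m = re.match(r"aaa (authentication|authorization|accounting) .*\bgroup (.+)$", line)
        if m:  # method list: collect every user-defined group it names
            references += [(n, g) for g in m.group(2).split() if g not in NOT_CUSTOM_GROUPS]
    findings = []
    for n, name in references:
        if name not in defined:
            findings.append((n, name, "undefined group"))
        elif not defined[name]:
            findings.append((n, name, "group has no server members"))
    return findings

if __name__ == "__main__":
    for n, name, problem in audit_aaa_groups(SAMPLE_CONFIG):
        print(f"line {n}: group '{name}': {problem}")
```

Run against the posted configuration, it flags both references to “today” as undefined and both references to “abc” as an empty group, since no `server` lines appear under the group as posted.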
For the group name, I have already corrected it.