Question

TACACS+ does not work on switch

  • 5 February 2017

Hello, community!
Sorry for my English.
I have several Extreme Summit x440-24x-10G switches. They are installed in the network at the core and aggregate levels.
Recently it was required to set up TACACS+ authorization and accounting.
All switches have ExtremeXOS version 15.5.3.4 v1553b4 installed.
The configuration is identical everywhere (IPs and names are different :))

Commands to configure tacacs:
configure tacacs primary server xxx.yyy.zzz.hh 49 client-ip [sw_ip] vr VR-Default
configure tacacs primary shared-secret **********
configure tacacs secondary server xxx.yyy.zzz.h2 49 client-ip [sw_ip] vr VR-Default
configure tacacs secondary shared-secret ***********
configure tacacs timeout 30
configure tacacs-accounting primary server xxx.yyy.zzz.hh 49 client-ip [sw_ip] vr VR-Default
configure tacacs-accounting primary shared-secret ***********
configure tacacs-accounting secondary server xxx.yyy.zzz.h2 49 client-ip [sw_ip] vr VR-Default
configure tacacs-accounting secondary shared-secret ************
configure tacacs-accounting timeout 30
enable tacacs
enable tacacs-accounting

I have the following problem: on the aggregate switches TACACS authorization works, but tacacs-accounting does not work - entered commands are not saved on the server, although the tacacs-accounting counter increases. On the core switches TACACS authorization works on only one; on the other two core switches authorization doesn't work (and accounting doesn't either) - when I connect to the switch through telnet, it prompts for a login, I enter the login and TACACS password, it waits for some time and then says that the login is incorrect.

In the logs I see the following:

16:53:11.80 Login failed for user "tacacs_user" through telnet (ip comp)
16:53:11.79 Failed to send authentication to xxx.yyy.zzz.hh trying local.
16:53:11.79 Error writing to remote host xxx.yyy.zzz.hh error=-1
16:52:41.76 Swap host to xxx.yyy.zzz.hh
16:52:41.76 Error writing to remote host xxx.yyy.zzz.h2 error=-1

Diagnostics: ping to the TACACS servers shows no loss, and traceroute to the TACACS server is identical from working and non-working switches. There are no errors - I checked several times and compared the configuration of a working and a non-working switch.
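
Added example (not part of the original post, and not Extreme Networks code): a small Python parser run over the log lines quoted above. It shows that the two "Error writing to remote host" entries are about 30 seconds apart, the same value as "configure tacacs timeout 30", and that the switch then fell back to local authentication. Reading that gap as a full timeout wait is this example's interpretation; the function and field names are made up for the illustration.

```python
import re
from datetime import datetime

# Log lines exactly as posted in the question (newest first, addresses masked).
LOG = """\
16:53:11.80 Login failed for user "tacacs_user" through telnet (ip comp)
16:53:11.79 Failed to send authentication to xxx.yyy.zzz.hh trying local.
16:53:11.79 Error writing to remote host xxx.yyy.zzz.hh error=-1
16:52:41.76 Swap host to xxx.yyy.zzz.hh
16:52:41.76 Error writing to remote host xxx.yyy.zzz.h2 error=-1
"""
TACACS_TIMEOUT = 30.0  # seconds, from "configure tacacs timeout 30" in the post

STAMPED = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (.*)$")
WRITE_ERR = re.compile(r"Error writing to remote host (\S+) error=(-?\d+)")
FALLBACK = re.compile(r"Failed to send authentication to \S+ trying local")
LOGIN_FAIL = re.compile(r'Login failed for user "([^"]+)" through (\S+)')

def parse(text):
    """Return (time, message) pairs oldest first; input is assumed newest first."""
    events = []
    for raw in text.splitlines():
        m = STAMPED.match(raw.strip())
        if m:
            events.append((datetime.strptime(m.group(1), "%H:%M:%S.%f"), m.group(2)))
    # Reverse before the stable sort so equal timestamps keep their real order.
    return sorted(reversed(events), key=lambda e: e[0])

def analyze(text, timeout=TACACS_TIMEOUT, slack=1.0):
    """Summarise one login attempt: servers tried, time between failures, outcome."""
    events = parse(text)
    errors = [(ts, m.group(1)) for ts, msg in events if (m := WRITE_ERR.search(msg))]
    gaps = [round((b[0] - a[0]).total_seconds(), 2) for a, b in zip(errors, errors[1:])]
    login = next((m for _, msg in events if (m := LOGIN_FAIL.search(msg))), None)
    return {
        "servers_failed": [host for _, host in errors],
        "seconds_between_failures": gaps,
        # Interpretation: a gap equal to the configured timeout suggests the switch
        # waited out the whole timer on a server rather than being answered at once.
        "waited_full_timeout": any(abs(g - timeout) <= slack for g in gaps),
        "fell_back_to_local": any(FALLBACK.search(msg) for _, msg in events),
        "failed_login": (login.group(1), login.group(2)) if login else None,
    }

if __name__ == "__main__":
    for key, value in analyze(LOG).items():
        print(f"{key}: {value}")
```

A successful ping only shows ICMP reachability, so it does not contradict a result like this for TCP port 49, the port used in the configuration above.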

3 replies

Userlevel 7
Hi Andrey,
What TACACS+ server software are you using?
Does anybody here know which EXOS versions DO support TACACS and which ones DON'T?
Any datasheet or config guide?

Regards
Userlevel 7
Does anybody here know which EXOS versions DO support TACACS and which ones DON'T?
Any datasheet or config guide?

Regards
TACACS+ has been supported for many years on EXOS (and still is).
