cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

TACACS+ not work on switch

TACACS+ not work on switch

Andrey_Bakhteev
New Contributor
Hello, community!
Sorry for my English.
I have a several switches Extreme Summit x440-24x-10G. They installed on network to core and aggregate level.
Recently was required to set up authorization TACACS+ and accounting
On all swithces installed ExtremeXOS version 15.5.3.4 v1553b4
Everywhere configuration identical (IP's and names are different :))

Commands to configure tacacs:
configure tacacs primary server xxx.yyy.zzz.hh 49 client-ip [sw_ip] vr VR-Default configure tacacs primary shared-secret ********** configure tacacs secondary server xxx.yyy.zzz.h2 49 client-ip [sw_ip] vr VR-Default configure tacacs secondary shared-secret *********** configure tacacs timeout 30 configure tacacs-accounting primary server xxx.yyy.zzz.hh 49 client-ip [sw_ip] vr VR-Default configure tacacs-accounting primary shared-secret *********** configure tacacs-accounting secondary server xxx.yyy.zzz.h2 49 client-ip [sw_ip] vr VR-Default configure tacacs-accounting secondary shared-secret ************ configure tacacs-accounting timeout 30 enable tacacs enable tacacs-accountingI have next problem - on aggregate switches tacacs authorization works, but tacacs-accounting not work - entered commands don't save on server, but tacacs-accounting counter increased. On core switches tacacs authorization as earned only one, on other two core swithes authorization don't work (and accounting is too) - when i connect to switch through telnet, it prompts for login, i enter login and tacacs password - it expects a few time and says that login incorrect.

In logs I see next:

16:53:11.80 Login failed for user "tacacs_user" through telnet (ip comp)
16:53:11.79 Failed to send authentication to xxx.yyy.zzz.hh trying local. 16:53:11.79 Error writing to remote host xxx.yyy.zzz.hh error=-1 16:52:41.76 Swap host to xxx.yyy.zzz.hh 16:52:41.76 Error writing to remote host xxx.yyy.zzz.h2 error=-1Diagnostic: ping to tacacs servers without loss, traceroute to tacacs server from work and not work swithces are identically. There are no errors - checked several times and compare configuration work and no work switch.

3 REPLIES 3

Drew_C
Valued Contributor III
TACACS+ has been supported for many years on EXOS (and still is).

Adrian_Chaparro
New Contributor
Does anybody here knows which EXOS versions DO supports tacacs and which ones DON'T ?
Any Datasheet or Config Guide ?

Regards

Drew_C
Valued Contributor III
Hi Andrey,
What TACACS+ server software are you using?
GTM-P2G8KFN