Extreme Networks

Alexandr_P · ‎12-05-2014

Hello, colleagues!

Earlier was post about TACACS conf - https://community.extremenetworks.com/extreme/topics/tacacs_server_setting_admin_setting-f140e
But now I have question.
When I enable TACACS on switch, I can't login with TACACS account (is present in TACACS server with max priviledge)

Also question - is there possibility, for example, in VR-Default login on switch with TACACS account, in VR-MGMT login on switch with local account?

Thank you!

Drew_C · ‎12-05-2014

Were you ever able to get this resolved?

Drew_C · ‎12-05-2014

Hi Alexandr,
Are there any errors logged in the TACACS server or on the switch? In the past, I've done troubleshooting with Wireshark to watch the requests and responses to and from the server from the switch. That may help you see what is happening.

I'm not aware of any configuration to allow TACACS through VR-Default and local accounts on VR-MGMT.

Stephane_Grosj1 · ‎12-05-2014

Hi,

on the switch, I'd be expecting a config similar to this one:

sw1.1 # sh conf "aaa"
#
# Module aaa configuration.
#
configure tacacs primary server 192.168.56.2 49 client-ip 192.168.56.121 vr VR-Mgmt
configure tacacs primary shared-secret encrypted "ry{zfd"
enable tacacs
enable tacacs-authorization

On the TACACS+ server, I'd be expecting something similar to:

key = purple

##########################
#### Group Definition ####
##########################

group = admingroup {
default service = permit
service = exec {
priv-lvl = 15
}
}

group = readonly {
default service = deny
service = exec {
priv-lvl = 1
}
}

##########################
#### User Definition #####
##########################

user = stef {
member = admingroup
login = cleartext "extreme"
name = "Stephane"
}

user = bdx8 {
member = readonly
login = des “bT.YIz5L3PG3Y”
name = “BlackDiamond”
cmd = show {
deny ipconfig
deny tacacs
deny edp
}
}

Extreme Networks

TACACS+ configuration

TACACS+ configuration