beautypg.com

4 typical tacacs+ scenarios, 5 tacacs+ troubleshooting – Accton Technology ES4626 User Manual

Page 120


Parameter:

None

Usage Guide:

Enable the TACACS+ debugging messages to check the negotiation process of the TACACS+ protocol, which can help detect the cause of a failure.

Example:

Enable the debugging messages of the TACACS+ protocol:

Switch#debug tacacs-server

2.9.4 Typical TACACS+ Scenarios

Fig 2-6 TACACS Configuration

A computer connects to a switch whose IP address is 10.1.1.2. The switch is connected to a TACACS+ authentication server whose IP address is 10.1.1.3; the authentication port is left at the default of 49. Telnet login authentication on the switch is configured as follows:

Switch(Config)#interface vlan 1
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-vlan1)#exit
Switch(Config)#tacacs-server authentication host 10.1.1.3
Switch(Config)#tacacs-server key test
Switch(Config)#authentication login tacacs local

2.9.5 TACACS+ Troubleshooting

When configuring and using TACACS+, authentication may fail for reasons such as a physical connection failure or an incorrect configuration. The user should ensure the following:

- First, the physical connection to the TACACS+ server is in good condition.
- Second, all interface and link protocols are in the UP state (use the “show interface” command).
- Then, the TACACS+ key configured on the switch matches the one configured on the TACACS+ server.
- Finally, the switch connects to the correct TACACS+ server.
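Why a key mismatch makes authentication fail, as an added example that is not part of the original manual: TACACS+ (RFC 8907) XORs each packet body with an MD5 pad derived from the session ID, the shared key, the version and the sequence number, so a server holding a different key recovers a START body whose length fields do not add up. The session ID, user name, port name and the mismatched key `Test` are constructed sample values; `test` is the key from the scenario above.

```python
import hashlib
import struct

VERSION = 0xC0  # TACACS+ major version 0xc, minor version 0

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 chain used for RFC 8907 data obfuscation, cut to the body length."""
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()  # MD5_n = MD5(seed + MD5_n-1)
        pad += block
    return pad[:length]

def xor_body(body, session_id, key, version=VERSION, seq_no=1):
    """Obfuscate or de-obfuscate a packet body (XOR is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def build_authen_start(user, port, rem_addr, data=b""):
    """Authentication START body: 8 fixed bytes, then four variable fields."""
    # action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), authen_service=LOGIN(1)
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), len(data)])
    return fixed + user + port + rem_addr + data

def start_body_consistent(body):
    """True when the four length fields add up to the actual body size."""
    if len(body) < 8:
        return False
    return 8 + sum(body[4:8]) == len(body)

def key_matches(wire_body, session_id, candidate_key):
    """Receiver-side check: does this key yield a well-formed START body?"""
    return start_body_consistent(xor_body(wire_body, session_id, candidate_key))

if __name__ == "__main__":
    session_id = 0x12345678  # constructed sample value
    clear = build_authen_start(b"admin", b"vty0", b"10.1.1.1")
    wire = xor_body(clear, session_id, b"test")  # key from the switch config
    print("server key 'test':", key_matches(wire, session_id, b"test"))
    print("server key 'Test':", key_matches(wire, session_id, b"Test"))
```

The keys are compared byte for byte inside the hash input, so a difference in case or a trailing space on either side is enough to produce the failure.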

If the TACACS+ authentication problem remains unsolved, please use debug tacacs and other debugging commands and copy the DEBUG message within 3 minutes, send the

[Fig 2-6 TACACS Configuration, diagram labels: 10.1.1.1; Switch 10.1.1.2; Tacacs Server 10.1.1.3]
