Hi, anyone using TACACS+ authentication from VRF in SXI successfully? We have login authentication/authorization working, but for enable authentication the box somehow fails to connect to the TACACS+ server.
!
aaa group server tacacs+ XXX_tacacs
 server-private x.x.29.142 key ...
 ip vrf forwarding mgmt
 ip tacacs source-interface Loopback1
!
aaa authentication login XXX group XXX_tacacs local
aaa authentication enable default group XXX_tacacs enable
...
!
...

Aug 28 17:00:37.285: AAA/AUTHOR: auth_need : user= 'user' ruser= 'BA_MN1_CO'rem_addr= 'x.x.251.101' priv= 0 list= '' AUTHOR-TYPE= 'command'
Aug 28 17:00:37.285: AAA: parse name=tty2 idb type=-1 tty=-1
Aug 28 17:00:37.285: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
Aug 28 17:00:37.285: AAA/MEMORY: create_user (0xF7E8CF8) user='user' ruser='NULL' ds0=0 port='tty2' rem_addr='x.x.251.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): port='tty2' list='XXX' action=LOGIN service=ENABLE
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): using "default" list
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): Method=XXX_tacacs (tacacs+)
Aug 28 17:00:37.285: TAC+: send AUTHEN/START packet ver=192 id=-16528696
Aug 28 17:00:37.285: TAC+: Opening TCP/IP to x.x.29.142/49 timeout=5
Aug 28 17:00:37.289: TAC+: TCP/IP open to x.x.29.142/49 failed -- Destination unreachable; gateway or host down
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = ERROR
Aug 28 17:00:37.289: AAA/AUTHEN/START (4278438600): Method=ENABLE
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = GETPASS
Aug 28 17:00:45.021: AAA/AUTHEN/CONT (4278438600): continue_login (user='(undef)')
Aug 28 17:00:45.021: AAA/AUTHEN (4278438600): status = GETPASS
Aug 28 17:00:45.021: AAA/AUTHEN/CONT (4278438600): Method=ENABLE
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): password incorrect
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): status = FAIL

thx
--
deejay

_______________________________________________
cisco-nsp mailing list
cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
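
An added example, not part of the original post or written by its author: a small Python parser that summarises an AAA/TAC+ debug exchange like the one quoted above, reporting the VRF field on the user context, any TACACS+ TCP open failure, and the fall-through to the next method in the list. The function names are hypothetical and SAMPLE is a constructed subset of the quoted lines.

```python
import re

# Constructed sample: a subset of the debug lines quoted in the post above.
SAMPLE = """\
Aug 28 17:00:37.285: AAA/MEMORY: create_user (0xF7E8CF8) user='user' ruser='NULL' ds0=0 port='tty2' rem_addr='x.x.251.101' authen_type=ASCII service=ENABLE priv=15 initial_task_id='0', vrf= (id=0)
Aug 28 17:00:37.285: AAA/AUTHEN/START (4278438600): Method=XXX_tacacs (tacacs+)
Aug 28 17:00:37.285: TAC+: Opening TCP/IP to x.x.29.142/49 timeout=5
Aug 28 17:00:37.289: TAC+: TCP/IP open to x.x.29.142/49 failed -- Destination unreachable; gateway or host down
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = ERROR
Aug 28 17:00:37.289: AAA/AUTHEN/START (4278438600): Method=ENABLE
Aug 28 17:00:37.289: AAA/AUTHEN (4278438600): status = GETPASS
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): password incorrect
Aug 28 17:00:45.025: AAA/AUTHEN (4278438600): status = FAIL
"""

USER = re.compile(r"create_user .*service=(\S+) .*vrf= ?(\S*) \(id=(\d+)\)")
METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
TCPFAIL = re.compile(r"TAC\+: TCP/IP open to (\S+)/(\d+) failed -- (.+)")

def analyze(text):
    """Summarise one AAA exchange: user context, methods tried, TCP failures."""
    out = {"service": None, "vrf": None, "vrf_id": None, "methods": [], "tcp_failures": []}
    for line in text.splitlines():
        if m := USER.search(line):
            out["service"], out["vrf"], out["vrf_id"] = m[1], m[2], int(m[3])
        elif m := METHOD.search(line):
            out["methods"].append([m[2], None])       # status filled in later
        elif m := STATUS.search(line):
            if out["methods"]:
                out["methods"][-1][1] = m[2]          # keep the last status seen
        elif m := TCPFAIL.search(line):
            out["tcp_failures"].append((m[1], int(m[2]), m[3].strip()))
    return out

def findings(r):
    """Turn the summary into review notes for an operator."""
    notes = []
    if r["vrf"] == "":
        notes.append(f"{r['service']} user context has no VRF name (id={r['vrf_id']})")
    for host, port, why in r["tcp_failures"]:
        notes.append(f"TACACS+ server {host}:{port} not reached: {why}")
    tried = [m for m, _ in r["methods"]]
    if r["tcp_failures"] and len(tried) > 1:
        notes.append(f"fell through {' -> '.join(tried)}; final status {r['methods'][-1][1]}")
    return notes

if __name__ == "__main__":
    print("\n".join(findings(analyze(SAMPLE))))
```

Run over a full capture, the same summary makes it easy to compare a working login exchange with a failing enable exchange on the same box.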