yeah oli, this is what i mean. previously also i have done like this and it worked well.
Anyway thanks for the support. bye. Ambi. On Wed, Nov 16, 2011 at 12:33 AM, Oliver Boehmer (oboehmer) < [email protected]> wrote: > > > Just giving the "aaa new-model" command does not cause the router to > > start using tacacs > > well, if Ambi had tacacs enabled before, it would actually restore the > previous AAA config (assuming no reload took place in the mean time).. just > checked with 12.2SRD > > R1(config)#do show run | i tac|aaa > aaa new-model > aaa authentication login default group tacacs+ local > aaa authorization exec default group tacacs+ local > aaa session-id common > tacacs-server host 1.1.1.1 > tacacs-server key cisco > > R1(config)#no aaa new-model > R1(config)#do show run | i tac|aaa > no aaa new-model > tacacs-server host 1.1.1.1 > tacacs-server key cisco > > R1(config)# aaa new-model > R1(config)#do show run | i tac|aaa > aaa new-model > aaa authentication login default group tacacs+ local > aaa authorization exec default group tacacs+ local > aaa session-id common > tacacs-server host 1.1.1.1 > tacacs-server key cisco > R1(config)# > > not sure if this is what Ambi meant, but just for info.. > > oli > > > Aaron > > > > On Tue, Nov 15, 2011 at 03:28, Ambedkar <[email protected]> wrote: > > > HIi, thanks for the information. > > > Actually what happened is, i have configured the router for the TACACS > in > > > the router and it was running properly. > > > After that the TACACS server has some different problems, and it was > made > > > switched off. So i have disabled the TACACS in the router giving the > > > command "no aaa new-model", if we give command all commands related to > > > TACACS will be disappears. When we want to activate the service, just > give > > > the command "aaa new-model". so, i have given this command, and i > thought > > > all other commands also activated(Generally it happens). > > > But, that commands were deleted, and the router is going to TACACS > server > > > for authentication. > > > So, some how i logged(remote router) the router with console, and i > > > configured the necessary commands, presently it is working. > > > > > > But my question is, if the necessary commands are not there, then why > > > should router try for TACACS server, this is very dangerous. > > > and moreover cisco 7507 router has different console interface i.e., > DB25 > > > connector, which is not normally available. > > > > > > Any way, thanks for the replies. > > > Bye. > > > Ambi > > > > > > On Mon, Nov 14, 2011 at 8:00 PM, Rick Burts <[email protected]> > wrote: > > > > > >> Perhaps the first thing to do is to check the logs on the > > >> TACACS server. Is the server seeing the request? If the > > >> server is seeing the request and is denying then there should > > >> be a reason given in the log record. > > >> > > >> There are a number of things that could cause this kind of > > >> problem. You might check these: > > >> - is there IP connectivity between the router and the TACACS > > >> server? > > >> - is it possible that the TACACS requests are being filtered > > >> out by some access list or firewall on the path to the server? > > >> - is it possible that the shared key between the router and the > > >> server is not correct? > > >> - does the server have the correct configuration for the router > > >> as a client? > > >> - is the router sourcing the request from the address that the > > >> server is expecting? > > >> > > >> HTH > > >> > > >> Rick > > >> > > >> > > >> On 11/14/2011 12:14 AM, Ambedkar wrote: > > >> > > >>> Hi, > > >>> I configured the tacacs+ in the cisco 7507. But when i am connecting > and > > >>> entering the USERNAME and PASSWORD, it says authentication failed. > > >>> Other devices are working with the same configuration. > > >>> I intentionally killed the tac_plus application, eventhough it is > asking > > >>> the USERNAME and PASSWORD. > > >>> > > >>> Please help me. > > >>> bye. > > >>> ______________________________**_________________ > > >>> cisco-nsp mailing list [email protected] > > >>> https://puck.nether.net/**mailman/listinfo/cisco- > > nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp> > > >>> archive at http://puck.nether.net/**pipermail/cisco- > > nsp/<http://puck.nether.net/pipermail/cisco-nsp/> > > >>> > > >>> ______________________________**_________________ > > >> cisco-nsp mailing list [email protected] > > >> https://puck.nether.net/**mailman/listinfo/cisco- > > nsp<https://puck.nether.net/mailman/listinfo/cisco-nsp> > > >> archive at http://puck.nether.net/**pipermail/cisco- > > nsp/<http://puck.nether.net/pipermail/cisco-nsp/> > > >> > > > _______________________________________________ > > > cisco-nsp mailing list [email protected] > > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > > > > > > > _______________________________________________ > > cisco-nsp mailing list [email protected] > > https://puck.nether.net/mailman/listinfo/cisco-nsp > > archive at http://puck.nether.net/pipermail/cisco-nsp/ > _______________________________________________ cisco-nsp mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-nsp archive at http://puck.nether.net/pipermail/cisco-nsp/
