Mark Thrun
asked on
How do I set up a TACACS connection to my CSS 11503?
I'm working on getting a CSS 11503 to authenticate admin logins through my ACS server running TACACS+. I have added the server and tried various different settings for the frequency and timeouts. When I do a "show TACACS" command it always shows the server as "DEAD" under the state, but I can ping the ACS server from the CSS.
I have also tried different configs with and with out the virtual authentication primary tacacs. I believe that command is for Telnet, but I tried it anyway still with no luck.
I suppose its possible there is something special that needs to be done on the ACS server for the CSS. Currently I'm using the same settings that I've been using for all my other network devices and have had no problems with them.
Any ideas?
I have also tried different configs with and with out the virtual authentication primary tacacs. I believe that command is for Telnet, but I tried it anyway still with no luck.
I suppose its possible there is something special that needs to be done on the ACS server for the CSS. Currently I'm using the same settings that I've been using for all my other network devices and have had no problems with them.
Any ideas?
CSS11503(config)# sh taca
Per-Server Status:
IP/Port State Primary Authen. Author. Account
------- ----- ------- ------- ------- ------
10.1.9.35:49 Dead Yes 0 0 0
Totals: 0 0 0
Per-Server Configuration:
IP/Port Key Server Timeout Server Frequency
------- --- -------------- ----------------
10.1.9.35:49 Configured 60 None
Global Configuration Parameters:
Global Timeout: 30
Global KAL Frequency: 5
Global Key: Configured
Authorize Config Commands: No
Authorize Non-Config Commands: No
Account Config Commands: No
Account Non-Config Commands: No
Send Full Command: Yes
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.