Getting a S4128F-ON to work with Tacacs?
How do you get the S4128F-ON to communicate with a Tacacs server? I have configured the few options available, per the OS 10.4 set up guide, but the switch is not working properly for Tacacs authentication.
DELL-Josh Cr
Moderator
8.7K Posts
0
May 20th, 2019 14:00
Hi,
Is it able to ping the tacacs server? Does it give any errors?
punisher911
11 Posts
0
May 21st, 2019 03:00
Yes, it can ping the server and no errors. We can ssh into the switch normally, but when added to Tacacs, remote connectivity stops. Doesn't mesh quite correctly with the Tacacs server. The host IP is correct. Key is correct. On the server side, switch hostname and IP are correct. The older ps8024 that this S4128F will replace works fine with Tacacs. This new switch is on 10.4.
punisher911
11 Posts
0
May 21st, 2019 04:00
aaa accounting tacacs-mode start-stop
aaa authentication tacacs local radius
tacacs-server host 172.x.x.x key *******
s4128f-1# ping 172.x.x.x
PING 172.x.x.x (172.x.x.x) 56(84) bytes of data.
64 bytes from 172.x.x.x: icmp_seq=1 ttl=63 time=3.21 ms
64 bytes from 172.x.x.x: icmp_seq=2 ttl=63 time=5.56 ms
64 bytes from 172.x.x.x: icmp_seq=3 ttl=63 time=0.825 ms
--- 172.x.x.x ping statistics ---
16 packets transmitted, 16 received, 0% packet loss, time 15012ms
rtt min/avg/max/mdev = 0.825/3.543/8.476/1.962 ms
But it shows "Access denied" with any login account when trying to remote into the switch after inputting it into the Tacacs server.
DELL-Josh Cr
Moderator
8.7K Posts
0
May 21st, 2019 09:00
Try increasing the timeout on the switch for tacacs:
tacacs-server timeout 30
punisher911
11 Posts
0
May 21st, 2019 10:00
I gave that a try. Unfortunately did not work. I've been able to get everything else working on this switch, except the Tacacs for AAA. Which is needed to put this in production.
DELL-Josh Cr
Moderator
8.7K Posts
0
May 21st, 2019 11:00
I am not seeing any other settings that would prevent this from working. Can you private message me the service tag? It may require an escalation and calling into support could be a good option.
punisher911
11 Posts
0
May 21st, 2019 12:00
I did previously, we have the top level service for it. Guess I will have to call it in.
punisher911
11 Posts
1
May 28th, 2019 04:00
Was a bug in the code. Had to upgrade the code. All set now.