
TACACS on Extreme 300-24

Status
Not open for further replies.

rvrrvr (IS-IT--Management), Jun 26, 2009
Hello guys,

I need to configure an Extreme Summit 300-24 to use TACACS to authenticate admin logins.

I found only this: config tacacs [primary | secondary] server [<ipaddress> | <hostname>] {<udp_port>} client-ip <ipaddress>.

My question is: do I need anything else or that's enough for the Switch?

Thank you in advance....

Regards,

rvr
 
I believe you'll have to define a shared secret key too:

conf tacacs primary shared-secret xxxxxx

And then enable tacacs.

 
Excellent reply, thank you very much.

Regards,

Rumen
 
I did the steps discussed before but the Switch cannot speak with the TACACS (Cisco ACS). Anyone experienced this problem?

Here are the commands I have entered in the Switch:

# TACACS configuration
enable tacacs
configure tacacs primary server 192.168.x.x 49 client-ip 192.168.x.x (my Switch IP add)
configure tacacs primary server 192.168.x.x shared-secret encrypted "xxxxxxxx"

Please let me know if you think I have to configure something else.

In the log of the Switch I am getting:

09/16/2009 05:12:31.56 <Warn:SYST> Authentication failed for user test-user through ssh2 from 192.168.x.x
09/16/2009 05:12:23.90 <Erro:SYST> TACACS+ Authentication: Unable to connect to 192.168.x.x within 3 secs
09/16/2009 05:11:53.83 <Info:SYST> SSH Negotiated algorithms: cipher: blowfish-cbc mac: hmac-md5 compression none


regards,

rvr
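Added example, not from this thread or from Extreme: a small Python triage script for the switch log format quoted above. It sorts the entries (the switch prints newest first), then tags each "Authentication failed" warning with whether a "TACACS+ Authentication: Unable to connect" error preceded it within a short window, so admin login failures caused by an unreachable AAA server can be told apart from bad credentials. The sample lines are constructed, and the 60-second window and the regexes are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the same format as the switch log above (not a real capture).
SAMPLE_LOG = """\
09/16/2009 05:11:53.83 <Info:SYST> SSH Negotiated algorithms: cipher: blowfish-cbc mac: hmac-md5 compression none
09/16/2009 05:12:23.90 <Erro:SYST> TACACS+ Authentication: Unable to connect to 192.0.2.10 within 3 secs
09/16/2009 05:12:31.56 <Warn:SYST> Authentication failed for user test-user through ssh2 from 192.0.2.50
09/16/2009 05:40:02.10 <Warn:SYST> Authentication failed for user test-user through ssh2 from 192.0.2.50
"""

# "<Severity:Subsystem>" header as seen in the thread; everything after it is the message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{2}) "
    r"<(?P<sev>\w+):(?P<sub>\w+)> (?P<msg>.*)$"
)
UNREACH_RE = re.compile(r"TACACS\+ Authentication: Unable to connect to (?P<server>\S+) within \d+ secs")
AUTHFAIL_RE = re.compile(r"Authentication failed for user (?P<user>\S+) through (?P<method>\S+) from (?P<src>\S+)")

def parse_line(line):
    """Split one log line into timestamp, severity, subsystem and message; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S.%f")
    return rec

def classify_failures(log_text, window_secs=60):
    """Return auth failures in time order, each tagged with whether a TACACS+
    server-unreachable error occurred within `window_secs` before it (window is an assumption)."""
    records = [r for r in (parse_line(l) for l in log_text.splitlines()) if r]
    records.sort(key=lambda r: r["time"])  # switch output is newest-first; correlate oldest-first
    results, last_unreach = [], None
    for rec in records:
        u = UNREACH_RE.search(rec["msg"])
        if u:
            last_unreach = (rec["time"], u.group("server"))
            continue
        a = AUTHFAIL_RE.search(rec["msg"])
        if a:
            caused_by_aaa = (last_unreach is not None
                             and (rec["time"] - last_unreach[0]).total_seconds() <= window_secs)
            results.append({"time": rec["ts"], "user": a.group("user"), "method": a.group("method"),
                            "src": a.group("src"), "aaa_unreachable": caused_by_aaa,
                            "server": last_unreach[1] if caused_by_aaa else None})
    return results
```

A failure tagged `aaa_unreachable` points at TCP/49 reachability or the shared secret, not at the user's password, and is also the case where a switch may fall back to local accounts.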


 
I don't think you need the "encrypted" option. It's odd, but I ran into the same thing getting an error when I originally tried that. Instead, just use the shared secret name:

conf tacacs primary shared-secret "xxxxxx"

See if that makes any difference.
 
When you specify "encrypted" it means you're entering the shared secret in its encrypted form - which you're not likely doing. Once you enter the secret in plain text, it becomes encrypted in the config.

Basically a simple explanation of why gigaspeed is correct not to use the "encrypted" option.
 
Guys, I didn't use the option encrypted, just entered the command above. It is set by default.
When I issue sh config I see it in the TACACS section.

How to disable it?

Can this prevent the switch from speaking to the TACACS by any chance:

enable ssh2 access-profile none port 22

I see it in sh config.

regards,

rvr
 
The sh config does list it in our working setup, so I don't think that's the problem then.

I'm not sure about the ssh2 either, sorry. That seems normal to me from the little ssh experience to be honest though. We use Cisco ACS too, but we don't use ssh. (I know we should, but.......)

 