Problem with 3560 and tacacs

martinadasme
Cisco FastHub400
Posts: 5
Joined: Tue Jul 05, 2011 7:38 am


Post by martinadasme » Tue Jul 05, 2011 8:40 am

I have a 3560 trunked to a 3750 stack. The 3560 can ping the tacacs (on Debian) and the tacacs can ping the 3560, so I have connectivity.


But the 3560 is not logging with tacacs, and I don't know why, please help me!!! The 3750 works with tacacs and has the same configuration, and other 2960/3750s work with this configuration.


In the tacacs the line for this host is written.


host = 10.185.133.97 {type = cisco key = Turner }

host = 10.185.133.42 {type = cisco key = cssturner }

host = 10.185.133.116 { type = cisco key = Turner }

host = 10.185.136.59 { type = cisco key = Turner }


The configuration of the 3560 is:


aaa new-model

aaa authentication login default group tacacs+ local enable

aaa authorization exec default group tacacs+ local

aaa accounting suppress null-username

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 0 default stop-only group tacacs+

aaa accounting commands 1 default stop-only group tacacs+

aaa accounting commands 15 default stop-only group tacacs+

!

aaa session-id common



interface GigabitEthernet0/48 trunk to 3750

description connection to rt-g1cer-b

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 2-900

switchport mode trunk

udld port aggressive

interface Vlan521

ip address 10.185.136.59 255.255.255.192

!

interface Vlan524

ip address 172.16.153.171 255.255.255.0

!

ip default-gateway 10.185.136.1

ip classless

ip route 0.0.0.0 0.0.0.0 10.185.136.1

ip http server

!

ip tacacs source-interface Vlan521

!

logging trap notifications

logging facility local6

logging source-interface Vlan521

logging 10.185.133.60

snmp-server community cssturner RO 99

snmp-server community cssRWTurner RW 99

snmp-server ifindex persist

snmp-server trap-source Vlan521

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server host 10.185.133.60


tacacs-server host 10.185.133.60

tacacs-server directed-request

tacacs-server key 7 XXXXX

radius-server source-ports 1645-1646

line con 0

line vty 0 4

password 7

line vty 5 15

password 7



The debug in the 3560:


Jul 5 14:21:37.086: AAA/ACCT/CMD: User turner, Port tty1, Priv 15:

"terminal monitor <cr>"

Jul 5 14:21:37.086: AAA/ACCT/CMD: Found list "default"

Jul 5 14:21:37.086: AAA/ACCT: user turner, acct type 3 (732008493): Method=tacacs+ (tacacs+)

Jul 5 14:21:37.086: TAC+: Opening TCP/IP to 10.185.133.60/49 timeout=5

Jul 5 14:21:37.086: TAC+: Opened TCP/IP handle 0x39399E0 to 10.185.133.60/49 using source 10.185.136.59

Jul 5 14:21:37.086: TAC+: periodic timer started

Jul 5 14:21:37.086: TAC+: 10.185.133.60 req=3814FF0 Qd id=732008493 ver=192 handle=0x39399E0 expire=5 ACCT/REQUEST/STOP queued

Jul 5 14:21:37.187: TAC+: 10.185.133.60 id=732008493 wrote 142 of 142 bytes

Jul 5 14:21:37.187: TAC+: 10.185.133.60 req=3814FF0 Qd id=732008493 ver=192 handle=0x39399E0 expire=4 ACCT/REQUEST/STOP sent

Jul 5 14:21:37.287: TAC+: 10.185.133.60 read=12 wanted=12 alloc=12 got=12

Jul 5 14:21:37.287: TAC+: 10.185.133.60 read=17 wanted=17 alloc=17 got=5

Jul 5 14:21:37.287: TAC+: 10.185.133.60 received 17 byte reply for 3814FF0

Jul 5 14:21:37.287: TAC+: req=3814FF0 Tx id=732008493 ver=192 handle=0x39399E0 expire=4 ACCT/REQUEST/STOP processed

Jul 5 14:21:37.287: TAC+: periodic timer stopped (queue empty)

Jul 5 14:21:37.287: TAC+: Closing TCP/IP 0x39399E0 connection to 10.185.133.60/49




The tcpdump on the tacacs:


aaadns1 ~ # tcpdump -nni bond0 host 10.185.136.59
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bond0, link-type EN10MB (Ethernet), capture size 68 bytes
11:59:06.079879 IP 10.185.136.59.11525 > 10.185.133.60.49: S 790869469:790869469(0) win 4128 <mss 536>
11:59:06.079895 IP 10.185.133.60.49 > 10.185.136.59.11525: S 1696757733:1696757733(0) ack 790869470 win 5840 <mss 1460>
11:59:06.230097 IP 10.185.136.59.11525 > 10.185.133.60.49: . ack 1 win 4128
11:59:06.389137 IP 10.185.136.59.11525 > 10.185.133.60.49: P 1:132(131) ack 1 win 4128
11:59:06.389146 IP 10.185.133.60.49 > 10.185.136.59.11525: . ack 132 win 6432
11:59:06.389222 IP 10.185.133.60.49 > 10.185.136.59.11525: P 1:18(17) ack 132 win 6432
11:59:06.389233 IP 10.185.133.60.49 > 10.185.136.59.11525: F 18:18(0) ack 132 win 6432
11:59:06.421249 IP 10.185.136.59.11525 > 10.185.133.60.49: . ack 19 win 4111
11:59:06.546583 IP 10.185.136.59.11525 > 10.185.133.60.49: FP 132:132(0) ack 19 win 4111
11:59:06.546597 IP 10.185.133.60.49 > 10.185.136.59.11525: . ack 133 win 6432
12:00:01.150846 IP 10.185.136.59.123 > 10.185.133.61.123: NTPv3 client, strat 3, poll 6, prec -18
12:00:01.150862 IP 10.185.133.61.123 > 10.185.136.59.123: NTPv3 server, strat 2, poll 6, prec -20
12:01:05.148673 IP 10.185.136.59.123 > 10.185.133.61.123: NTPv3 client, strat 3, poll 6, prec -18
12:01:05.148687 IP 10.185.133.61.123 > 10.185.136.59.123: NTPv3 server, strat 2, poll 6, prec -20
12:02:09.154809 IP 10.185.136.59.123 > 10.185.133.61.123: NTPv3 client, strat 3, poll 6, prec -18
12:02:09.154825 IP 10.185.133.61.123 > 10.185.136.59.123: NTPv3 server, strat 2, poll 6, prec -20
12:03:13.152589 IP 10.185.136.59.123 > 10.185.133.61.123: NTPv3 client, strat 3, poll 6, prec -18
12:03:13.152603 IP 10.185.133.61.123 > 10.185.136.59.123: NTPv3 server, strat 2, poll 6, prec -20

18 packets captured
18 packets received by filter
0 packets dropped by kernel


HELP ME PLEASE!!!!! THANKS......
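The IOS debug above shows the 3560 reading a 12-byte TACACS+ header followed by a 5-byte body (17 bytes in total), and the tcpdump shows the same 17-byte push from the server (P 1:18(17)), which is the size of an accounting REPLY that carries only a status and no server message. The block below is an added example, not code from the original post or from the tacacs daemon in use: it builds and decodes such a reply as specified in RFC 8907, including the MD5 pseudo-pad body obfuscation, so that a reply taken from a capture can be checked to decode to a valid accounting status under the configured shared key. The session id, shared secret and server message are constructed values, not taken from the capture.

```python
"""Build and decode a TACACS+ accounting REPLY (RFC 8907).

Added example; all identifiers and sample values are constructed.
A reply body decoded with the correct shared key yields a status of
1 (SUCCESS), 2 (ERROR) or 3 (FOLLOW) and consistent length fields;
decoded with the wrong key it yields unparseable garbage.
"""
import hashlib
import struct

TAC_PLUS_ACCT = 0x03              # header "type" for accounting packets
TAC_PLUS_UNENCRYPTED_FLAG = 0x01  # body is cleartext when set
HEADER_LEN = 12                   # matches "read=12 wanted=12" in the IOS debug
HEADER_FMT = "!BBBBII"            # version, type, seq_no, flags, session_id, length
STATUS_NAMES = {0x01: "SUCCESS", 0x02: "ERROR", 0x03: "FOLLOW"}


def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 pseudo-pad of RFC 8907 section 4.5, truncated to `length` bytes.

    MD5_1 = MD5(session_id, key, version, seq_no)
    MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1})
    """
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]


def xor_body(body, session_id, key, version, seq_no):
    """Obfuscate or de-obfuscate a body (the operation is its own inverse)."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_acct_reply(session_id, seq_no, key, status, server_msg=b"", data=b""):
    """Return the wire bytes of an accounting REPLY: 12-byte header + body."""
    body = struct.pack("!HHB", len(server_msg), len(data), status) + server_msg + data
    version = 0xC0  # major 0xC, minor 0 -> "ver=192" in the IOS debug
    header = struct.pack(HEADER_FMT, version, TAC_PLUS_ACCT, seq_no, 0,
                         session_id, len(body))
    return header + xor_body(body, session_id, key, version, seq_no)


def parse_acct_reply(packet, key):
    """Decode an accounting REPLY under `key`; "ok" is False if it does not decode."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than TACACS+ header")
    version, ptype, seq_no, flags, session_id, length = struct.unpack(
        HEADER_FMT, packet[:HEADER_LEN])
    if ptype != TAC_PLUS_ACCT:
        raise ValueError("not an accounting packet: type=%d" % ptype)
    body = packet[HEADER_LEN:HEADER_LEN + length]
    if len(body) != length:
        raise ValueError("truncated body: have %d, header says %d" % (len(body), length))
    if not flags & TAC_PLUS_UNENCRYPTED_FLAG:
        body = xor_body(body, session_id, key, version, seq_no)
    result = {"session_id": session_id, "seq_no": seq_no, "ok": False}
    if len(body) < 5:
        result["reason"] = "body shorter than the 5-byte reply minimum"
        return result
    msg_len, data_len, status = struct.unpack("!HHB", body[:5])
    # With the wrong shared key the length fields will not add up; that is
    # the cheapest sign of a key mismatch when reading a capture.
    if 5 + msg_len + data_len != len(body):
        result["reason"] = "length fields inconsistent with body; key mismatch likely"
        return result
    result["status"] = STATUS_NAMES.get(status, "UNKNOWN(%d)" % status)
    result["server_msg"] = body[5:5 + msg_len].decode("utf-8", "replace")
    result["data"] = body[5 + msg_len:5 + msg_len + data_len]
    result["ok"] = status in STATUS_NAMES
    if not result["ok"]:
        result["reason"] = "status byte outside 1..3; key mismatch likely"
    return result


if __name__ == "__main__":
    # Constructed values: a server reply with sequence number 2 (the request
    # from the switch was sequence 1) and no server message, as in the capture.
    SECRET = b"constructed-shared-secret"
    pkt = build_acct_reply(0x11223344, 2, SECRET, 0x01)
    print(len(pkt), "bytes on the wire")              # 17, as in the debug
    print(parse_acct_reply(pkt, SECRET))              # decodes to SUCCESS
    print(parse_acct_reply(pkt, b"some-other-secret"))  # does not decode
```

Run the block directly to see the 17-byte round trip; `parse_acct_reply` is the function to point at a reply body pulled out of a capture, since a reply that only decodes under a key other than the one in `tacacs-server key` is the quickest way to tell a key problem from a server-side logging problem.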
