Command Mode: Admin Mode
Parameter: None
Usage Guide: Enable the TACACS+ debugging messages to check the negotiation
process of the TACACS+ protocol, which can help in detecting the cause of a failure.
Example: Enable the debugging messages of the TACACS+ protocol
Switch#debug tacacs-server
2.9.4 Typical TACACS+ Scenarios
A computer connects to a switch whose IP address is 10.1.1.2 and which is connected
to a TACACS+ authentication server; the IP address of the server is 10.1.1.3 and the
authentication port defaults to 49, telnet log on authentication of the switch
Switch(Config)#interface vlan 1
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0
Switch(Config-if-vlan1)#exit
Switch(Config)#tacacs-server authentication host 10.1.1.3
Switch(Config)#tacacs-server key test
Switch(Config)#authentication login tacacs local
2.9.5 TACACS+ Troubleshooting
When configuring and using TACACS+, authentication may fail for reasons such as
a physical connection failure or a wrong configuration. The user should
ensure the following:
First, the physical connection to the TACACS+ server is in good condition.
Second, all interface and link protocols are in the UP state (use the "show interface"
command).
Then, the TACACS+ key configured on the switch matches the
one configured on the TACACS+ server.
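The key check in the last item can be reproduced offline. The following is an added example, not part of this manual: it applies the TACACS+ body obfuscation defined in RFC 8907 (an MD5-derived pad XORed over the packet body) to show why a mismatched key makes the peer unable to parse the request. The key `test` is the one from the scenario above; the session ID, user name, port name and all function names are constructed for illustration.

```python
import hashlib
import struct

def pseudo_pad(session_id: bytes, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """RFC 8907 pad: MD5 chain over session_id, key, version, seq_no (+ previous block)."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(header: bytes, body: bytes, key: bytes) -> bytes:
    """Obfuscate or de-obfuscate a body; the XOR is its own inverse."""
    version, _type, seq_no, _flags = header[:4]
    pad = pseudo_pad(header[4:8], key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def authen_start_is_consistent(body: bytes) -> bool:
    """The four length fields of an authentication START must add up to the body size."""
    if len(body) < 8:
        return False
    user_len, port_len, rem_addr_len, data_len = body[4:8]
    return 8 + user_len + port_len + rem_addr_len + data_len == len(body)

def build_sample(key: bytes):
    """Constructed sample: ASCII login START for user 'admin' on port 'vty0'."""
    user, port, rem_addr = b"admin", b"vty0", b"10.1.1.1"
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0]) + user + port + rem_addr
    # Header: version 0xC0, type 1 (authentication), seq_no 1, flags 0, session_id, length
    header = struct.pack("!BBBB4sI", 0xC0, 1, 1, 0, bytes.fromhex("1a2b3c4d"), len(body))
    return header, xor_body(header, body, key)

def check_key(header: bytes, wire_body: bytes, candidate_key: bytes) -> bool:
    """True if the candidate key de-obfuscates the body into a well-formed START."""
    return authen_start_is_consistent(xor_body(header, wire_body, candidate_key))

if __name__ == "__main__":
    header, wire = build_sample(b"test")      # what the switch would send
    for candidate in (b"test", b"Test"):      # key configured on the server side
        print(candidate, "->", "parses" if check_key(header, wire, candidate) else "garbled")
```

With the matching key the body parses; with a key that differs by a single character the length fields no longer add up, which is what the receiving side sees when the two keys disagree.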
Fig 2-6 TACACS Configuration (figure labels: 10.1.1.1; Switch, 10.1.1.2; Tacacs Server, 10.1.1.3)