Skip to main content
Start a Conversation

Unsolved

P

punisher911

11 Posts

1866

May 20th, 2019 06:00

Getting a S4128F-ON to work with Tacacs?

How do you get the S4128F-ON to communicate with a Tacacs server? I have configured the few options available, per the OS 10.4 set up guide, but the switch is not working properly for Tacacs authentication. 

DELL-Josh Cr

Moderator

 • 

8.5K Posts

May 20th, 2019 14:00

Hi,

Is it able to ping the tacacs server? Does it give any errors?

punisher911

11 Posts

May 21st, 2019 03:00

Yes it can ping the server and no errors. We can ssh into the switch normally, but when added to Tacacs, remote connectivity stops. Doesn't mesh quite correctly with the Tacacs server. The host IP is correct. Key is correct. On the server side, switch hostname and IP are correct. The older ps8024 that this S4128F will replace work fine with Tacacs. This new switch is on 10.4

punisher911

11 Posts

May 21st, 2019 04:00

aaa accounting tacacs-mode start-stop
aaa authentication tacacs local radius

tacacs-server host 172.x.x.x key *******

 

s4128f-1# ping 172.x.x.x
PING 172.x.x.x (172.x.x.x) 56(84) bytes of data.
64 bytes from 172.x.x.x: icmp_seq=1 ttl=63 time=3.21 ms
64 bytes from 172.x.x.x: icmp_seq=2 ttl=63 time=5.56 ms
64 bytes from 172.x.x.x: icmp_seq=3 ttl=63 time=0.825 ms

--- 172.x.x.x ping statistics ---
16 packets transmitted, 16 received, 0% packet loss, time 15012ms
rtt min/avg/max/mdev = 0.825/3.543/8.476/1.962 ms

 

But shows "Access denied" with any login account when trying to remote into the switch after inputting it into the Tacacs server

DELL-Josh Cr

Moderator

 • 

8.5K Posts

May 21st, 2019 09:00

Try increasing the timeout on the switch for tacacs. tacacs-server timeout 30

punisher911

11 Posts

May 21st, 2019 10:00

I gave that a try. Unfortunately did not work. I've been able to get everything else working on this switch, except the Tacacs for AAA. Which is needed to put this in production. 

DELL-Josh Cr

Moderator

 • 

8.5K Posts

May 21st, 2019 11:00

I am not seeing any other settings that would prevent this from working. Can you private message me the service tag? It may require an escalation and calling into support could be a good option.

punisher911

11 Posts

May 21st, 2019 12:00

I did previously, we have the top level service for it. Guess I will have to call it in. 

punisher911

11 Posts

May 28th, 2019 04:00

Was a bug in the code. Had to upgrade the code. All set now.

View More

View All

No Events found!

Top