How do you get the S4128F-ON to communicate with a Tacacs server? I have configured the few options available, per the OS 10.4 set up guide, but the switch is not working properly for Tacacs authentication.
Is it able to ping the tacacs server? Does it give any errors?
Yes it can ping the server and no errors. We can ssh into the switch normally, but when added to Tacacs, remote connectivity stops. Doesn't mesh quite correctly with the Tacacs server. The host IP is correct. Key is correct. On the server side, switch hostname and IP are correct. The older ps8024 that this S4128F will replace work fine with Tacacs. This new switch is on 10.4
aaa accounting tacacs-mode start-stop
aaa authentication tacacs local radius
tacacs-server host 172.x.x.x key *******
s4128f-1# ping 172.x.x.x
PING 172.x.x.x (172.x.x.x) 56(84) bytes of data.
64 bytes from 172.x.x.x: icmp_seq=1 ttl=63 time=3.21 ms
64 bytes from 172.x.x.x: icmp_seq=2 ttl=63 time=5.56 ms
64 bytes from 172.x.x.x: icmp_seq=3 ttl=63 time=0.825 ms
--- 172.x.x.x ping statistics ---
16 packets transmitted, 16 received, 0% packet loss, time 15012ms
rtt min/avg/max/mdev = 0.825/3.543/8.476/1.962 ms
But shows "Access denied" with any login account when trying to remote into the switch after inputting it into the Tacacs server
Try increasing the timeout on the switch for tacacs. tacacs-server timeout 30
I gave that a try. Unfortunately did not work. I've been able to get everything else working on this switch, except the Tacacs for AAA. Which is needed to put this in production.
I am not seeing any other settings that would prevent this from working. Can you private message me the service tag? It may require an escalation and calling into support could be a good option.