The customer uses a TACACS server as the authentication method. After configuring it on the S5700 switch, he can never log in to the switch.
First, checking the basic configuration, I find that the TACACS configuration on the S5700 is incomplete; some important configuration is missing, as follows:
authorization-cmd 3 hwtacacs
authorization-cmd 15 hwtacacs
// There is no domain configuration for HWTACACS authentication; it needs to be configured.
I then ask the customer to add the following domain configuration:
After adding the above configuration, the customer tests again, but login still fails. At this point, he finds that the TACACS server shows the authentication as successful, as follows:
This information shows that authentication on the server side is now normal, so maybe some special configuration is missing on the switch. I then confirm the login details with the customer (such as the login method, which protocol, and so on). The customer tells us that he uses SSH to log in to the switch.
So I check the SSH-related configuration again and find that, for TACACS authentication, an important command is missing, as follows:
[S5700]ssh authentication-type default password //for SSH via HWTACACS, need to configure this command
After configuring the above command, the customer can log in to the switch, and the problem is resolved.
The root cause is that the configuration on the S5700 switch is incomplete. Some important configuration is missing, including the domain and SSH configuration.
The solution is to add the missing commands and complete the domain and SSH configuration.
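The two omissions found in this case can be checked for in a saved configuration before testing a login. The script below is an added example, not part of the original case or any Huawei tool. It assumes one-space indentation per configuration view and that a domain is bound to HWTACACS with a hwtacacs-server line inside the domain block; the scheme, domain and template names in the sample are hypothetical.

```python
import re

# Constructed sample, not the customer's configuration. Scheme, domain and
# template names are hypothetical; one-space indentation per view is assumed.
INCOMPLETE = """\
aaa
 authorization-scheme tac-author
  authorization-cmd 3 hwtacacs
  authorization-cmd 15 hwtacacs
"""
# The same sample after both fixes from the case were applied (assumed layout).
COMPLETE = INCOMPLETE + """\
 domain tac-domain
  hwtacacs-server tac1
#
ssh authentication-type default password
"""

def aaa_domains(config):
    """Map each 'domain <name>' block inside the aaa view to its sub-commands."""
    domains, in_aaa, current = {}, False, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text == "#":
            continue
        indent = len(line) - len(line.lstrip(" "))
        if indent == 0:                       # a new top-level view starts
            in_aaa, current = text == "aaa", None
        elif in_aaa and indent == 1:          # direct child of the aaa view
            m = re.fullmatch(r"domain (\S+)", text)
            current = domains.setdefault(m.group(1), []) if m else None
        elif in_aaa and current is not None:  # command inside a domain block
            current.append(text)
    return domains

def audit(config):
    """Return the omissions this case identified; an empty list means none found."""
    lines = [l.strip() for l in config.splitlines()]
    if not any(re.fullmatch(r"authorization-cmd \d+ hwtacacs", l) for l in lines):
        return []                             # HWTACACS not in use, nothing to check
    findings = []
    bound = [d for d, cmds in aaa_domains(config).items()
             if any(c.startswith("hwtacacs-server ") for c in cmds)]
    if not bound:
        findings.append("no aaa domain references an HWTACACS server template")
    if "ssh authentication-type default password" not in lines:
        findings.append("ssh authentication-type default password is not set")
    return findings
```

Calling audit() on the text of a saved configuration returns one message per missing item, so a server-side authentication success combined with a non-empty result points to the switch configuration rather than the TACACS server.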