TACACS+ Crazy Stuff

Started by deanwebb, January 29, 2015, 11:20:31 AM

deanwebb

Setting up access to a device in TACACS+...

When it's in a group that already existed, access is fine.

When it's moved to a new group, nobody can get to it: the accounts authenticate in TACACS+, but they get hit with "default rule" and denied access.

Put the device back in the group that existed before the object was added, and access is fine again.

This has happened with multiple devices and multiple new groups. Our workaround is to keep the devices in the old groups and then make one-off rules that filter by IP address.

Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.