The customer uses a TACACS server as the authentication method. After configuring it on the S5700 switch, he still cannot log in to the switch.
aaa
 authentication-scheme default
 authentication-scheme test
  authentication-mode hwtacacs
 authorization-scheme default
 authorization-scheme test
  authorization-mode hwtacacs
  authorization-cmd 3 hwtacacs
  authorization-cmd 15 hwtacacs
 accounting-scheme default
 accounting-scheme test
  accounting-mode hwtacacs
 domain default
 domain default_admin
No domain is configured for the HWTACACS authentication, and one needs to be configured.
We asked the customer to add the following domain configuration:
domain test
 authentication-scheme test
 authorization-scheme test
 hwtacacs-server test
After adding the above configuration, the customer tested again, but the login still failed. This time, he found that the TACACS server showed the authentication as successful, as below:
This shows that authentication on the server side now works, so we suspected that some specific configuration was missing on the switch. After checking the login details (such as the login method and the protocol used) with the customer, we found that the customer used SSH to log in to the switch.
[S5700]ssh authentication-type default password //this command is required for SSH login via HWTACACS
After configuring the above command, the customer can now log in to the switch, and the problem is resolved.
The solution is to add the missing commands, completing the domain and SSH method configuration.
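
A small offline check for the two gaps found in this case, added here as an example (it is not Huawei's or the customer's code): it reads a configuration dump and reports any HWTACACS authentication scheme that no domain binds to an hwtacacs-server template, and a missing `ssh authentication-type default password`. The sample configurations are constructed and abridged from the commands on this page, and the one-space-per-level indentation is an assumption about the dump format.

```python
# Constructed sample: the three configuration stages described on this page (abridged).
BEFORE = """aaa
 authentication-scheme default
 authentication-scheme test
  authentication-mode hwtacacs
 authorization-scheme test
  authorization-mode hwtacacs
 domain default
 domain default_admin
"""
DOMAIN_FIX = """ domain test
  authentication-scheme test
  authorization-scheme test
  hwtacacs-server test
"""
SSH_FIX = "ssh authentication-type default password\n"

def audit(config):
    """Return findings for HWTACACS schemes that an SSH login cannot actually use."""
    schemes, domains, ssh_password = {}, {}, False
    view, view_indent = None, -1           # sub-view being read and its indentation
    for raw in filter(str.strip, config.splitlines()):
        words, indent = raw.split(), len(raw) - len(raw.lstrip())
        if view and indent > view_indent:  # line belongs to the current sub-view
            kind, name = view
            if kind == "scheme" and words[0] == "authentication-mode":
                schemes[name] = words[1:]
            elif kind == "domain" and len(words) > 1 and words[0] in ("authentication-scheme", "hwtacacs-server"):
                domains[name][words[0]] = words[1]
            continue
        view = None
        if words[0] == "authentication-scheme" and len(words) == 2:
            view, view_indent = ("scheme", words[1]), indent
            schemes.setdefault(words[1], [])
        elif words[0] == "domain" and len(words) >= 2:
            view, view_indent = ("domain", words[1]), indent
            domains.setdefault(words[1], {})
        elif words[:4] == ["ssh", "authentication-type", "default", "password"]:
            ssh_password = True
    tacacs = [s for s, mode in schemes.items() if "hwtacacs" in mode]
    bound = {d.get("authentication-scheme") for d in domains.values() if "hwtacacs-server" in d}
    findings = [f"scheme '{s}': no domain binds it to an hwtacacs-server template"
                for s in tacacs if s not in bound]
    if tacacs and not ssh_password:
        findings.append("SSH: 'ssh authentication-type default password' is not configured")
    return findings

if __name__ == "__main__":
    for cfg in (BEFORE, BEFORE + DOMAIN_FIX, BEFORE + DOMAIN_FIX + SSH_FIX):
        print(audit(cfg))
```

The middle stage reproduces the situation in this case: the domain is in place and the server reports success, but the SSH finding remains until the last command is added.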