Search icon Choose location
 
Search icon

Troubleshooting guide for TACACS+ Authentication Fails on Omada Switch

Troubleshooting
Updated 10-28-2024 06:31:59 AM 2456
This Article Applies to: 

Contents

Objective

Requirements

Introduction

Troubleshooting Steps

Conclusion

Objective

If you encounter the issue of devices being unable to authenticate successfully after configuring the TACACS+ feature on the Omada Switch, you can follow the troubleshooting steps below to resolve the problem.

Requirements

  • Omada Smart, L2+ and L3 switches
  • Omada Controller (Software Controller / Hardware Controller / Cloud Based Controller, V5.9 and above)

Introduction

To enhance network security, you can configure TACACS+ authentication to restrict client access to the switch through the SSH protocol or Console interface.The topology of TACACS+ authentication, including Client/Switch/ TACACS+ Server.

Troubleshooting Steps

Step 1. Check the network connectivity.

Ensure the network link between the switch and the TACACS+ Server is normal, and also ensure that the authentication port (usually 49, but there are exceptions) is enabled by the TACACS+ Server.

Step 2. Check that the username and password used for authentication are correct.

Step 3. Check the configurations of TACACS+ Server and AAA.

Go to Tools > Terminal, select Switch as the Device Type, select the switch that has TACACS+ configured, and then click Open Terminal.

The position to open Switch terminal on Controller.

Use the following command to view information about the configuration:

Switch>en

Switch#show run

Input shows run command on terminal; firstly, you should enter in to enter command mode.

Find the following configuration information related to TACACS+ Server and AAA. Make sure that the IP address, port number, and key of the TACACS+ Server are correct. "test" is a custom login method that specifies TACACS+ authentication as the first priority.

Check information related to TACACS+ Server, here focus on IP address, port number, and key.

Find the following configuration information and make sure that the authentication method for SSH/Console login is specified as “test”.

Check the authentication method.

Note: The switch is not accessible using telnet after being adopted by Contrller.

Step 4. Check if ACL, IMPB, MAC Filtering, or other security policies are configured.

Conclusion

We have now completed the troubleshooting of TACACS+ authentication failure.

Get to know more details of each function and configuration please go to Download Center to download the manual of your product.

Related FAQs

Is this faq useful?

Your feedback helps improve this site.

Recommend Products

Community

TP-Link Community

Still need help? Search for answers, ask questions, and get help from TP-Link experts and other users around the world.

Visit the Community >

From United States?

Get products, events and services for your region.

GO Other Option

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

This website uses cookies to improve website navigation, analyze online activities and have the best possible user experience on our website. You can object to the use of cookies at any time. You can find more information in our privacy policy . Don’t show again

Basic Cookies

These cookies are necessary for the website to function and cannot be deactivated in your systems.

TP-Link

accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType

Livechat

__livechat, __lc2_cid, __lc2_cst, __lc_cid, __lc_cst, CASID

Youtube

id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ

Analysis and Marketing Cookies

Analysis cookies enable us to analyze your activities on our website in order to improve and adapt the functionality of our website.

The marketing cookies can be set through our website by our advertising partners in order to create a profile of your interests and to show you relevant advertisements on other websites.

Google Analytics & Google Tag Manager

_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>

Google Ads & DoubleClick

test_cookie, _gcl_au

Meta Pixel

_fbp

Crazy Egg

cebsp_, _ce.s, _ce.clock_data, _ce.clock_event, cebs

Hotjar

OptanonConsent, _sctr, _cs_s, _hjFirstSeen, _hjAbsoluteSessionInProgress, _hjSessionUser_14, _fbp, ajs_anonymous_id, _hjSessionUser_<hotjar-id>, _uetsid, _schn, _uetvid, NEXT_LOCALE, _hjSession_14, _hjid, _cs_c, _scid, _hjAbsoluteSessionInProgress, _cs_id, _gcl_au, _ga, _gid, _hjIncludedInPageviewSample, _hjSession_<hotjar-id>, _hjIncludedInSessionSample_<hotjar-id>

Linkedin

lidc, AnalyticsSyncHistory, UserMatchHistory, bcookie, li_sugr, ln_or