Troubleshooting guide for TACACS+ Authentication Fails on Omada Switch

TL-SG2008P , TL-SG3452X , SG3452XMPP , TL-SG2218P , TL-SG2424P , TL-SG3452XP , TL-SG2016P , SG3428XPP-M2 , SG3428XMPP , TL-SG2210P( V3.20 V3.26 V4 V5 V5.6 ) , SG2210MP( V5.6 ) , TL-SX3008F , TL-SL2428P( V4 V4.20 V4.26 V5 V6 V6.6 ) , TL-SX3016F , SG2218 , SG3428 , TL-SG3452P , TL-SG3428X , SG3218XP-M2 , SL2428P( V4 V4.20 V4.26 V5 V6 V6.6 ) , TL-SG3428X-M2 , SG3210X-M2 , TL-SG3428XF , TL-SG2210MP , SG3428X-M2 , SG3452 , SG3210( V3 V3.6 ) , TL-SG3428XPP-M2 , SX3032F , SG3452X , SG3210XHP-M2 , TL-SG3210XHP-M2 , SG2008( V3 V3.6 V4 V4.6 ) , TL-SG2428P , SG3428XF , SG2005P-PD , SX3008F , SG3428MP , SG3428X , SG3452P , SX3016F , TL-SG3428X-UPS , SX6632YF , SG2218P , SG2428P , SG2008P , SG3452XP , TL-SG3428 , TL-SG2218 , SG2210P( V3.20 V3.26 V4 V5 V5.6 ) , SG2016P , TL-SG3428MP , TL-SG2008( V3 V3.6 V4 V4.6 ) , TL-SG3452 , TL-SG3210( V3 V3.6 ) , TL-SX3206HPP , SG3428XMP , TL-SG3428XMP , SX3206HPP
Recent updates may have expanded access to feature(s) discussed in this FAQ. Visit your product's support page, select the correct hardware version for your device, and check either the Datasheet or the firmware section for the latest improvements added to your product. Please note that product availability varies by region, and certain models may not be available in your region.
Contents
Objective
If you encounter the issue of devices being unable to authenticate successfully after configuring the TACACS+ feature on the Omada Switch, you can follow the troubleshooting steps below to resolve the problem.
Requirements
- Omada Smart, L2+ and L3 switches
- Omada Controller (Software Controller / Hardware Controller / Cloud Based Controller, V5.9 and above)
Introduction
To enhance network security, you can configure TACACS+ authentication to restrict client access to the switch through the SSH protocol or Console interface.
Troubleshooting Steps
Step 1. Check the network connectivity.
Ensure the network link between the switch and the TACACS+ Server is normal, and also ensure that the authentication port (usually 49, but there are exceptions) is enabled by the TACACS+ Server.
Step 2. Check that the username and password used for authentication are correct.
Step 3. Check the configurations of TACACS+ Server and AAA.
Go to Tools > Terminal, select Switch as the Device Type, select the switch that has TACACS+ configured, and then click Open Terminal.
Use the following command to view information about the configuration:
Switch>en
Switch#show run
Find the following configuration information related to TACACS+ Server and AAA. Make sure that the IP address, port number, and key of the TACACS+ Server are correct. "test" is a custom login method that specifies TACACS+ authentication as the first priority.
Find the following configuration information and make sure that the authentication method for SSH/Console login is specified as “test”.
Note: The switch is not accessible using telnet after being adopted by Contrller.
Step 4. Check if ACL, IMPB, MAC Filtering, or other security policies are configured.
Conclusion
We have now completed the troubleshooting of TACACS+ authentication failure.
Get to know more details of each function and configuration please go to Download Center to download the manual of your product.
Related FAQs
Ez a GY.I.K. hasznos volt?
Véleménye segíti az oldal fejlesztését
What’s your concern with this article?
- Dissatisfied with product
- Too Complicated
- Confusing Title
- Does not apply to me
- Too Vague
- Other
Thank you
We appreciate your feedback.
Click here to contact TP-Link technical support.
Recommend Products
-
SG3428XMPP
Omada 24-Port Gigabit and 4-Port 10GE SFP+ L2+ Managed Switch with 16-Port PoE+ & 8-Port PoE++
-
SG3452XMPP
Omada 48-Port Gigabit and 4-Port 10GE SFP+ L2+ Managed Switch with 40-Port PoE+ & 8-Port PoE++
-
SG3428XPP-M2
Omada 24-Port 2.5GBASE-T and 4-Port 10GE SFP+ L2+ Managed Switch with 16-Port PoE+ & 8-Port PoE++
Ez a weboldal cookie -kat használ a weboldal navigációjának javítása, az online tevékenységek elemzése és a felhasználók számára a legjobb élmény biztosítása érdekében. A cookie -k használata ellen bármikor tiltakozhat. További információt az adatvédelmi irányelveinkben talál.
Ez a weboldal cookie -kat használ a weboldal navigációjának javítása, az online tevékenységek elemzése és a felhasználók számára a legjobb élmény biztosítása érdekében. A cookie -k használata ellen bármikor tiltakozhat. További információt az adatvédelmi irányelveinkben talál.
Alap Cookie-k
Ezek a cookie -k a webhely működéséhez szükségesek, és nem tilthatók le a rendszereiben.
TP-Link
SESSION, JSESSIONID, accepted_local_switcher, tp_privacy_base, tp_privacy_marketing, tp_smb-select-product_scence, tp_smb-select-product_scenceSimple, tp_smb-select-product_userChoice, tp_smb-select-product_userChoiceSimple, tp_smb-select-product_userInfo, tp_smb-select-product_userInfoSimple, tp_top-banner, tp_popup-bottom, tp_popup-center, tp_popup-right-middle, tp_popup-right-bottom, tp_productCategoryType
Youtube
id, VISITOR_INFO1_LIVE, LOGIN_INFO, SIDCC, SAPISID, APISID, SSID, SID, YSC, __Secure-1PSID, __Secure-1PAPISID, __Secure-1PSIDCC, __Secure-3PSID, __Secure-3PAPISID, __Secure-3PSIDCC, 1P_JAR, AEC, NID, OTZ
Zendesk
OptanonConsent, __cf_bm, __cfruid, _cfuvid, _help_center_session, _pendo___sg__.<container-id>, _pendo_meta.<container-id>, _pendo_visitorId.<container-id>, _zendesk_authenticated, _zendesk_cookie, _zendesk_session, _zendesk_shared_session, ajs_anonymous_id, cf_clearance
Marketing és Elemző Cookie-k
Az elemző cookie -k lehetővé teszik számunkra, hogy elemezzük weboldalunkon végzett tevékenységeit, hogy javítsuk és módosítsuk webhelyünk működését.
Hirdetési partnereink a weboldalunkon keresztül marketing cookie -kat állíthatnak be annak érdekében, hogy érdeklődési körének profilját, és hogy releváns hirdetéseket jelenítsen meg más webhelyeken.
Google Analytics & Google Tag Manager
_gid, _ga_<container-id>, _ga, _gat_gtag_<container-id>
Google Ads & DoubleClick
test_cookie, _gcl_au