That's what I have: I am sourcing my TACACS with the interface, it is working. Below is my snippet with the sanitized configuration:
authentication-order [ tacplus password ];
root-authentication {
    encrypted-password "$1$Wmasdfsak$oB78zC4.XpHi09hepuIL9."; ## SECRET-DATA
}
name-server {
    200.200.200.20;
    100.100.100.20;
}
tacplus-server {
    192.168.1.1 {
        port 49;
        secret "$9$LvB7b2aZUDjkfTlMasdsadasGDk.P5Qz3"; ## SECRET-DATA
    }
}
tacplus-options {
    no-cmd-attribute-value;
}
accounting {
    events [ login change-log interactive-commands ];
    destination {
        tacplus {
            server {
                192.168.1.1 {
                    port 49;
                    secret "$9$1ITErvLxN-dw4afdsafyrWLx7-wYgoJZU"; ## SECRET-DATA
                    source-address 10.10.10.1;
                }
            }
        }
    }
}
user ADMIN {
    uid 2003;
    class super-user;
}
Route to the TACACS server:
show route 192.168.1.1
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 27w0d 17:29:47
> to 10.10.100.2 via ge-0/0/3.0
vrfa.inet.0: 95 destinations, 97 routes (95 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
192.168.1.1 *[Static/5] 20w6d 11:34:05
> to 10.10.10.2 via ge-0/0/2.0
set routing-instances vrfa routing-options static route 192.168.1.0/24 next-hop 10.10.10.2
Also, each time I try to connect using TACACS, I am getting the following syslog message on the console:
Message from syslogd@FWA at Apr 16 21:37:09.700 2015 ...
FWA sshd[44946]: tac_send_authen: connect: timed out
In the log message:
Apr 16 21:27:47.396 2015 FWA mgd[44936]: %DAEMON-5-UI_TACPLUS_ERROR: TACACS+ failure: Could not bind on socket: Can't assign requested address
Apr 16 21:37:09.700 2015 FWA sshd[44946]: %AUTH-2: tac_send_authen: connect: timed out
Apr 16 21:37:09.719 2015 FWA sshd: %AUTH-5-SSHD_LOGIN_FAILED: Login failed for user 'user1' from host '172.1.1.2'
Apr 16 21:37:09.721 2015 FWA sshd[44946]: %AUTH-6: Failed password for user1 from 172.1.1.2 port 34554 ssh2
Apr 16 21:37:13.906 2015 FWA sshd[44946]: %AUTH-2: tac_send_authen: connect: timed out
Apr 16 21:37:13.912 2015 FWA sshd: %AUTH-5-SSHD_LOGIN_FAILED: Login failed for user 'user1' from host '172.1.1.2'
Apr 16 21:37:13.917 2015 FWA sshd[44946]: %AUTH-6: Failed password for user1 from 172.1.1.2 port 34554 ssh2
Apr 16 21:37:23.188 2015 FWA sshd[44946]: %AUTH-2: tac_send_authen: connect: timed out
Apr 16 21:37:23.192 2015 FWA sshd: %AUTH-5-SSHD_LOGIN_FAILED: Login failed for user 'user1' from host '172.1.1.2'
Apr 16 21:37:23.197 2015 FWA sshd[44946]: %AUTH-6: Failed password for user1 from 172.1.1.2 port 34554 ssh2
Apr 16 21:37:38.514 2015 FWA sshd: %AUTH-5-SSHD_LOGIN_ATTEMPTS_THRESHOLD: Threshold for unsuccessful authentication attempts (3) reached by user 'user1'
Apr 16 21:37:38.520 2015 FWA sshd[44946]: %AUTH-6: Disconnecting: Too many password failures for user1 [preauth]
Apr 16 21:37:38.537 2015 FWA inetd[1349]: %DAEMON-4: /usr/sbin/sshd[44946]: exited, status 255
The route to the IP that I am coming from to the switch:
show route 172.1.1.2
inet.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 27w0d 17:38:44
> to 10.10.100.2 via ge-0/0/3.0
vrfa.inet.0: 95 destinations, 97 routes (95 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
172.1.1.1/30 *[Static/5] 2w6d 09:58:38
> to 10.10.200.2 via ge-0/0/0.0
[OSPF/150] 2w4d 00:09:20, metric 0, tag 0
> to 10.10.200.2 via ge-0/0/0.0
gargolek