Authentication on 3750 against ACS

aksher · ‎03-22-2007

After making AAA changes on the catalyst 3750 the key configuration part was missed and the login attempt on the switch is getting failed now. There are no logs in the "failed attempts" on the ACS. What is the solution now?

Richard Burts · ‎03-22-2007

Aksher

I am not clear about several things in your post. You describe it as making changes, so does that mean that it was configured and was working and you changed something and now it is not working or does it mean something else?

If it was working and you changed something, then what did you change?

When you say that there are no logs in the failed attempts on ACS does that include no messages about attempt from unknown host?

If there are really no logs in the failed attempts from the 3750 then that may imply that there is an IP connectivity problem. Can you verify (by ping or anything else) that there is connectivity from 3750 to ACS and from ACS to 3750?

If this does not help you resolve your issue then perhaps you can clarify some of the things that I asked.

HTH

Rick

HTH

Rick

Mehdi_ab · ‎03-23-2007

What do u mean by the key configuration part was missed? Either there is a connectivity problem or secretkey config wasn't done correctly...

We'll need more details.

dbp · ‎03-26-2007

Sounds like you did not complete the AAA configs enough so that the 3750 can use acs for auth.

Also there was no backup configured to use the line or local passwords in the event that acs becomes unavailable. Can you get in via the console?