There may be a more tactical solution to this (and you should probably ask on the AAA security forum about that), but when our ACS 3.2.3 server that we use for LMS integration testing does this, we simply reboot the box.

That is what I did and everything came back up.

The reason I had to do that, though, is that I removed an existing switch (a 6509) that had been in the list, and now it is rejecting authentication.

Everything is as it was before, but now I can get in. My account is OK because I can get into other devices.

Is there anywhere I can find the reason for the rejection?

If you removed the switch, I assume you re-added it, and included the correct IP address (I usually add all IPs from my devices just to be on the safe side). Make sure you specify the correct TACACS+ key when you do. Note: the key you see in the GUI may not be the real key, so make sure you enter the clear text key value correctly.

See Reports and Activities > Failed Attempts for the reason why your login is being rejected.

Is there somewhere on the TACACS server that shows the clear text key?

I re-entered the same key in the other switches with no problem.

By the way, I appreciate your replies.

I'm not sure if there is a guaranteed way to see the clear text keys in ACS. But, if you have LMS, you can look at the config in the archives to find the key. You could also use LMS to do disable aaa new-model if you need to login to the switch quickly.

I have it now. I appreciate all of your help.

You have helped me in the past.

The ACS was expecting the authentication request from an IP Address that was not defined in the client list.

I put in wildcards for now, so I can relax over the weekend.

Thanks for your knowledge and thank God for this forum. Man, the things you learn here.

You don't know how much guys like me appreciate it.
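As an added example (not from this thread or from any poster), here is an IOS-style switch-side configuration for the points raised above: the TACACS+ key must match the clear-text key in the ACS AAA client entry, the request must arrive from the source address defined for that client (pinning it to a loopback avoids the wildcard workaround), and a local fallback limits the lockout risk mentioned in the replies. The ACS address, loopback address, username and key are placeholders.

```text
! Constructed example; ACS address, loopback address, username and key are placeholders.
aaa new-model
!
! Make the NAS source address deterministic so it matches the single
! AAA client entry on ACS instead of a wildcard client definition.
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
ip tacacs source-interface Loopback0
!
! Key must match the clear-text key in the ACS AAA client entry for 192.0.2.1.
tacacs-server host 198.51.100.10 key EXAMPLE-KEY
!
! Fall back to local accounts only when ACS is unreachable; an explicit
! REJECT from ACS (e.g. unknown client, wrong key) still denies the login,
! which is why the failed-attempts report is the place to look.
username admin privilege 15 secret EXAMPLE-PASSWORD
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
```

Check the resulting Failed Attempts entry on ACS: a client or key mismatch shows up there before any password problem would.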
