AAA configurations not working

Jun 27th, 2007

Hello,


I tried to configure my router to authenticate with Cisco ACS, but although the router can ping the ACS server, I can't log in using the ACS user. Please have a look at the configuration and help me find the missing parts.


aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization commands 1 default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa session-id common



tacacs-server host 172.x.x.1 key xxx

tacacs-server directed-request


username talal password talal



This is the only configuration I have done for AAA, so is there anything else I should do?


Thanks

mahmoodmkl Wed, 06/27/2007 - 03:58

Hi


First check whether you have added the router as a client in ACS. If not, add it.


Next add the below line in the aaa config.


aaa authentication enable default group tacacs+ local enable


Thanks

Mahmood

royalblues Wed, 06/27/2007 - 04:10

Can you add the following commands and try?


line vty 0 15

exec-timeout 5 0

privilege level 15

authorization commands 15 default

authorization commands 1 default

authorization exec default

accounting connection default

accounting commands 1 default

accounting commands 15 default

accounting exec default

login authentication default


Narayan

Jagdeep Gambhir Wed, 06/27/2007 - 04:45

Hi Habeeb,

Your commands are fine, no need to change them.


-> Please check if you get any hits on ACS failed attempts. If not, then make sure the shared secret is correct; enter it again, do not copy/paste.


Also add this command on the router,


ip tacacs source-interface (IP or interface)


In the above command you need to put the IP that is defined in the ACS network configuration for the router in question.


If the issue is still there, then get me debugs:


debug aaa authentication

debug tacacs


Please rate if it helps!


Regards,

~JG


Next time onward, please post this kind of issue in the AAA forum.

habeeb_talal Sun, 07/01/2007 - 01:28

Hello,


Thank you all very much, it is now working after adding the router in the ACS and configuring the right key.


Thanks

Jagdeep Gambhir Mon, 07/02/2007 - 04:54

Nice to know that.


Please mark this thread as resolved, so that others can benefit from it.


Regards,

~JG

