AAA configurations not working

Unanswered Question
Jun 27th, 2007

Hello,

I tried to configure my router to authenticate with cisco ACS, but although the router can ping the acs server, i can't login

using the acs user, please have alook to the configuration and help me to find the missing parts

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization commands 1 default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa session-id common

tacacs-server host 172.x.x.1 key xxx

tacacs-server directed-request

username talal password talal

this is the only configuration i done for AAA, so is there anything else should i do

thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
mahmoodmkl Wed, 06/27/2007 - 03:58

Hi

First check weather u have added the router as a client in ACS.if not add it.

Next add the below line in the aaa config.

aaa authentication enable default group tacacs+ local enable

Thanks

Mahmood

royalblues Wed, 06/27/2007 - 04:10

Can you add the following commands and try

line vty 0 15

exec-timeout 5 0

privilege level 15

authorization commands 15 default

authorization commands 1 default

authorization exec default

accounting connection default

accounting commands 1 default

accounting commands 15 default

accounting exec default

login authentication default

Narayan

Jagdeep Gambhir Wed, 06/27/2007 - 04:45

Hi Habeeb,

Your commands are fine, no need to change it.

-> Please check if you get any hits on acs failed attempts ? If no, then

make sure the shared secret is correct, enter it again, do not copy/paste.

Also add this command on the router,

ip tacacs source interface (IP or interface)

In the above command you need to put the IP that is defined in the ACS , network configuration for the router in question.

If still issue is there , then get me debugs

debug aaa authentication

debug tacacs

Pls rate if helps !

Regards,

~JG

Next time onward please post this kind of issues in AAA fourm.

habeeb_talal Sun, 07/01/2007 - 01:28

Hello,

Thank you all very much, it is now working after adding the router in the ACS and configure the right key.

Thanks

Jagdeep Gambhir Mon, 07/02/2007 - 04:54

Nice to know that.

Please mark this thread as resolved, so that others can benefit from it.

Regards,

~JG

Actions

This Discussion