cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
432
Views
4
Helpful
5
Replies

AAA configurations not working

habeeb_talal
Level 1
Level 1

Hello,

I tried to configure my router to authenticate with cisco ACS, but although the router can ping the acs server, i can't login

using the acs user, please have alook to the configuration and help me to find the missing parts

aaa new-model

aaa authentication login default group tacacs+ local

aaa authorization commands 1 default group tacacs+ none

aaa authorization commands 15 default group tacacs+ none

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa session-id common

tacacs-server host 172.x.x.1 key xxx

tacacs-server directed-request

username talal password talal

this is the only configuration i done for AAA, so is there anything else should i do

thanks

5 Replies 5

mahmoodmkl
Level 7
Level 7

Hi

First check weather u have added the router as a client in ACS.if not add it.

Next add the below line in the aaa config.

aaa authentication enable default group tacacs+ local enable

Thanks

Mahmood

Can you add the following commands and try

line vty 0 15

exec-timeout 5 0

privilege level 15

authorization commands 15 default

authorization commands 1 default

authorization exec default

accounting connection default

accounting commands 1 default

accounting commands 15 default

accounting exec default

login authentication default

Narayan

Jagdeep Gambhir
Level 10
Level 10

Hi Habeeb,

Your commands are fine, no need to change it.

-> Please check if you get any hits on acs failed attempts ? If no, then

make sure the shared secret is correct, enter it again, do not copy/paste.

Also add this command on the router,

ip tacacs source interface (IP or interface)

In the above command you need to put the IP that is defined in the ACS , network configuration for the router in question.

If still issue is there , then get me debugs

debug aaa authentication

debug tacacs

Pls rate if helps !

Regards,

~JG

Next time onward please post this kind of issues in AAA fourm.

Hello,

Thank you all very much, it is now working after adding the router in the ACS and configure the right key.

Thanks

Nice to know that.

Please mark this thread as resolved, so that others can benefit from it.

Regards,

~JG

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: