06-27-2007 03:27 AM - edited 03-05-2019 04:59 PM
Hello,
I tried to configure my router to authenticate with cisco ACS, but although the router can ping the acs server, i can't login
using the acs user, please have alook to the configuration and help me to find the missing parts
aaa new-model
aaa authentication login default group tacacs+ local
aaa authorization commands 1 default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
tacacs-server host 172.x.x.1 key xxx
tacacs-server directed-request
username talal password talal
this is the only configuration i done for AAA, so is there anything else should i do
thanks
06-27-2007 03:58 AM
Hi
First check weather u have added the router as a client in ACS.if not add it.
Next add the below line in the aaa config.
aaa authentication enable default group tacacs+ local enable
Thanks
Mahmood
06-27-2007 04:10 AM
Can you add the following commands and try
line vty 0 15
exec-timeout 5 0
privilege level 15
authorization commands 15 default
authorization commands 1 default
authorization exec default
accounting connection default
accounting commands 1 default
accounting commands 15 default
accounting exec default
login authentication default
Narayan
06-27-2007 04:45 AM
Hi Habeeb,
Your commands are fine, no need to change it.
-> Please check if you get any hits on acs failed attempts ? If no, then
make sure the shared secret is correct, enter it again, do not copy/paste.
Also add this command on the router,
ip tacacs source interface (IP or interface)
In the above command you need to put the IP that is defined in the ACS , network configuration for the router in question.
If still issue is there , then get me debugs
debug aaa authentication
debug tacacs
Pls rate if helps !
Regards,
~JG
Next time onward please post this kind of issues in AAA fourm.
07-01-2007 01:28 AM
Hello,
Thank you all very much, it is now working after adding the router in the ACS and configure the right key.
Thanks
07-02-2007 04:54 AM
Nice to know that.
Please mark this thread as resolved, so that others can benefit from it.
Regards,
~JG
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: