ACS 4.0 Doesn't Recognise Device

Unanswered Question
Mar 6th, 2008

I've just added a device to the ACS network config to allow authentication, etc. via TACACS+. I set a key on the ACS and did all of the config on the Cat2950 switch that I could find doco on. When I try and telnet to the switch I get an "%Authentication failed" message.


In the ACS TACACS log I see that the request went to the ACS but the ACS recorded it as an "Unknown device" and "ignored" it. I've triple-checked that the keys are the same on the ACS and on the switch. There are no NDGs.


All help appreciated as this is my first time attempting to configure AAA of any sort.


Cheers,

Ben.

smalkeric Wed, 03/12/2008 - 15:34

As a troubleshooting step, try unchecking "validate server certificate" on the client's EAP settings. If it passes, then you definitely have a certificate issue.


The server certificate must have an Enhanced Key Usage field with "Server Authentication" in it. The root certificate must be installed on the client in the Trusted Root Authorities section of local machine storage.

ben_johnson Wed, 03/12/2008 - 16:15

Thanks for the tip. In the end, a simple machine reboot did the job. Just restarting the ACS service/s didn't do the trick.


Cheers,

Ben.
