ACS Ping connectivity

Unanswered Question
Apr 21st, 2008

I have installed CSACS Solution Engine 1113. After configuring the basic IP addressing on ACS, it is able to access all devices in my network, but no device is able to access it. Please tell me how to allow ping on ACS.

I have a Catalyst 4507 switch to which the Solution Engine is connected. I want to configure the Cisco 4507 for AAA.

I configured the following commands on the switch:

aaa new-model

aaa authentication login default group tacacs+ line enable

aaa authentication enable default group tacacs+ enable line

tacacs-server host 172.28.31.132

tacacs-server key cisco123

But I am getting the following errors when I try to authenticate via AAA:

d01h: AAA: parse name=tty2 idb type=-1 tty=-1

1d01h: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

1d01h: AAA/MEMORY: create_user (0x19121E28) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='172.28.92.72' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

1d01h: AAA/AUTHEN/START (2433767416): port='tty2' list='' action=LOGIN service=LOGIN

1d01h: AAA/AUTHEN/START (2433767416): using "default" list

1d01h: AAA/AUTHEN/START (2433767416): Method=tacacs+ (tacacs+)

1d01h: TAC+: send AUTHEN/START packet ver=192 id=2433767416

1d01h: AAA/AUTHEN (2433767416): status = ERROR

1d01h: AAA/AUTHEN/START (2433767416): Method=ENABLE

1d01h: AAA/AUTHEN (2433767416): status = GETPASS

Please tell me how to make ACS pingable and how to configure the switch for AAA.

I am using the default user group in ACS. I have added the switch in ACS with the proper password.

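As an added example that is not part of the original thread, the Python sketch below parses AAA debug lines like the ones posted above and reports every session in which one method ended in ERROR and the switch moved on to the next entry in the method list. The function names are hypothetical, and the sample input is the subset of the posted debug output that carries a session id.

```python
import re

# Debug lines copied from the post above (timestamps as posted).
SAMPLE = """\
1d01h: AAA/AUTHEN/START (2433767416): port='tty2' list='' action=LOGIN service=LOGIN
1d01h: AAA/AUTHEN/START (2433767416): using "default" list
1d01h: AAA/AUTHEN/START (2433767416): Method=tacacs+ (tacacs+)
1d01h: TAC+: send AUTHEN/START packet ver=192 id=2433767416
1d01h: AAA/AUTHEN (2433767416): status = ERROR
1d01h: AAA/AUTHEN/START (2433767416): Method=ENABLE
1d01h: AAA/AUTHEN (2433767416): status = GETPASS
"""

PORT = re.compile(r"AAA/AUTHEN/START \((\d+)\): port='([^']*)'")
METHOD = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")

def parse_sessions(text):
    """Group lines by session id: {id: {'port': str, 'steps': [(method, [statuses])]}}."""
    sessions = {}
    for line in text.splitlines():
        m = PORT.search(line) or METHOD.search(line) or STATUS.search(line)
        if not m:
            continue
        s = sessions.setdefault(m[1], {"port": None, "steps": []})
        if m.re is PORT:
            s["port"] = m[2]
        elif m.re is METHOD:
            s["steps"].append((m[2], []))      # a new method in the list is being tried
        elif s["steps"]:
            s["steps"][-1][1].append(m[2])     # status belongs to the current method
    return sessions

def find_fallbacks(sessions):
    """Return (session, port, failed_method, next_method) for each ERROR fall-through.

    IOS tries the next method only when the previous one returns ERROR
    (for example, no answer from the server), not when it returns FAIL.
    """
    hits = []
    for sid, s in sessions.items():
        for (meth, statuses), (nxt, _) in zip(s["steps"], s["steps"][1:]):
            if statuses and statuses[-1] == "ERROR":
                hits.append((sid, s["port"], meth, nxt))
    return hits

if __name__ == "__main__":
    for sid, port, failed, nxt in find_fallbacks(parse_sessions(SAMPLE)):
        print(f"session {sid} on {port}: {failed} returned ERROR, fell back to {nxt}")
```

A fall-through from `tacacs+` to `ENABLE` or `line` means the login was decided by a locally stored password, so the ACS server has no record of it.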
Jagdeep Gambhir Mon, 04/21/2008 - 04:00

If you want to ping the ACS appliance, then you need to disable CSA.

ACS---->System configuration---->Appliance configuration---->uncheck CSA.

The running config from the router looks OK to me, and I would suggest you add one more command on the router, since it is a layer 3 device.

ip tacacs source-interface fastethernet x/y -----> Where the interface would be the one provided in the TACACS server.

Regards,

~JG

Do rate helpful posts

wasiimcisco Mon, 04/21/2008 - 08:47

Okay now I am able to ping it.

I have made an NDG and added the ACS server to it. I also added the router as a client in it.

I have configured the following commands on the router:

aaa new-model

!

!

aaa authentication login default group tacacs+ local

aaa accounting commands 15 default start-stop group tacacs+

!

I have made a user locally on the router and the same user/password on ACS.

I am able to log in, but I am not able to see the user activity and the logged-in user in ACS.

I am looking for user activity in the ACS report and activity tab.

Please tell me whether this is the right router configuration, and ACS as well.

Also tell me, if I want to integrate my Windows domain with ACS, what the steps will be.

Waiting for your useful reply.
