04-21-2008 01:48 AM - edited 03-10-2019 03:48 PM
I have installed CSACS Solution Engine 1113. After configuring the basic IP addressing on ACS, it is able to access all devices in my network, but no device is able to access it. Please tell me how to allow ping on ACS.
I have a 4507 Catalyst switch to which the Solution Engine is connected. I want to configure the Cisco 4507 for AAA.
I configured the following commands on the switch:
aaa new-model
aaa authentication login default group tacacs+ line enable
aaa authentication enable default group tacacs+ enable line
tacacs-server host 172.28.31.132
tacacs-server key cisco123
But I am getting the following errors when I try to authenticate via AAA:
d01h: AAA: parse name=tty2 idb type=-1 tty=-1
1d01h: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0
1d01h: AAA/MEMORY: create_user (0x19121E28) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='172.28.92.72' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)
1d01h: AAA/AUTHEN/START (2433767416): port='tty2' list='' action=LOGIN service=LOGIN
1d01h: AAA/AUTHEN/START (2433767416): using "default" list
1d01h: AAA/AUTHEN/START (2433767416): Method=tacacs+ (tacacs+)
1d01h: TAC+: send AUTHEN/START packet ver=192 id=2433767416
1d01h: AAA/AUTHEN (2433767416): status = ERROR
1d01h: AAA/AUTHEN/START (2433767416): Method=ENABLE
1d01h: AAA/AUTHEN (2433767416): status = GETPASS
Please tell me how to make ACS pingable and how to configure the switch for AAA.
I am using the default user group in ACS. I have added the switch in ACS with the proper password.
04-21-2008 04:00 AM
If you want to ping the ACS appliance, then you need to disable CSA.
ACS---->System configuration---->Appliance configuration---->uncheck CSA.
The running config from the router looks OK to me, and I would suggest you add one more command on the router since it is a layer 3 device.
ip tacacs source-interface fastethernet x/y -----> Where interface would be the one provided in tacacs server.
Regards,
~JG
Do rate helpful posts
04-21-2008 08:47 AM
Okay now I am able to ping it.
I have made an NDG and added the ACS server to it. I also added the router as a client in it.
I have configured the following commands on the router:
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa accounting commands 15 default start-stop group tacacs+
!
I have made a user locally on the router and the same user/password on ACS.
I am able to log in, but I am not able to see the user activity and logged-in user in ACS.
I am looking for user activity in the ACS report and activity tab.
Please tell me whether this is the right router configuration, and ACS as well.
Also tell me, if I want to integrate my Windows domain with ACS, what the steps will be.
Waiting for your useful reply.
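Added example, not part of any post in this thread: the debug output in the first post shows the tacacs+ method ending in status ERROR and the switch moving on to the next method in the list (ENABLE). When a method list falls through this way, a login can complete without the TACACS+ server ever handling it, so this Python script parses that debug format and reports each such fall-through. The second sample session and its id are constructed for contrast.

```python
import re

# Debug lines copied from the first post in this thread.
FROM_POST = """\
1d01h: AAA/AUTHEN/START (2433767416): port='tty2' list='' action=LOGIN service=LOGIN
1d01h: AAA/AUTHEN/START (2433767416): using "default" list
1d01h: AAA/AUTHEN/START (2433767416): Method=tacacs+ (tacacs+)
1d01h: TAC+: send AUTHEN/START packet ver=192 id=2433767416
1d01h: AAA/AUTHEN (2433767416): status = ERROR
1d01h: AAA/AUTHEN/START (2433767416): Method=ENABLE
1d01h: AAA/AUTHEN (2433767416): status = GETPASS
"""

# Constructed for contrast (hypothetical session id): the server answers.
CONSTRUCTED_OK = """\
1d02h: AAA/AUTHEN/START (1111111111): Method=tacacs+ (tacacs+)
1d02h: AAA/AUTHEN (1111111111): status = GETUSER
1d02h: AAA/AUTHEN (1111111111): status = GETPASS
1d02h: AAA/AUTHEN (1111111111): status = PASS
"""

METHOD_RE = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS_RE = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")

def trace_methods(text):
    """Map session id -> [(method, [statuses])] in the order methods were tried."""
    sessions = {}
    for line in text.splitlines():
        m = METHOD_RE.search(line)
        if m:
            sessions.setdefault(m.group(1), []).append((m.group(2), []))
            continue
        s = STATUS_RE.search(line)
        if s and s.group(1) in sessions:
            sessions[s.group(1)][-1][1].append(s.group(2))
    return sessions

def fallbacks(text):
    """Return (session id, failed method, next method) for every ERROR fall-through."""
    found = []
    for sid, tried in trace_methods(text).items():
        for (method, statuses), (next_method, _) in zip(tried, tried[1:]):
            if "ERROR" in statuses:
                found.append((sid, method, next_method))
    return found

if __name__ == "__main__":
    for sid, failed, used in fallbacks(FROM_POST + CONSTRUCTED_OK):
        print(f"session {sid}: {failed} returned ERROR, fell through to {used}")
```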