
Unauthorized device logging in via Cisco Secure ACS 3.2

spanglenuts
Level 1

We have the Cisco Secure ACS v3.2. There is a device that we recently discovered is not added into the network configuration on the ACS. This device, running IOS 12.2(29), does have all of the correct TACACS settings that should allow it to authenticate via TACACS.

So basically, the ACS is allowing users to use this device to log in, even though it's not in the Network Config.

When we look at the Logged-in Users report, it shows the host name as "Tacacs+ Default". We aren't sure what that is supposed to mean, and why it's allowing it.

Thank You for your time,

Andrew

3 Replies

Jagdeep Gambhir
Level 10

Andrew,

Make sure that you are not using any wildcards in place of an IP address in network configuration, e.g. using 192.168.*.*

This will open TACACS requests from the whole 192.168 network.

Also check the passed attempts and check the NAS IP address from where the request is coming. Search for that IP in network configuration and see if that IP belongs to the switch in question. An L3 switch can have multiple IP addresses.

If that IP belongs to that switch, then you need to take that out of network configuration.

Regards,

~JG

Do rate helpful posts
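
The check described in the reply above (take the NAS IP from the passed attempts, then find which network-configuration entry covers it), as an added example that is not part of the original thread. The entry names, addresses and function names are constructed for illustration; it assumes the AAA client entries have been copied out as dotted-quad patterns in which an octet may be `*`.

```python
# Added example: find which AAA client entry accepts a given NAS IP.
# All names and addresses are constructed sample data, not from the thread.

def pattern_matches(pattern, ip):
    """True if dotted-quad `ip` matches `pattern`; a pattern octet may be '*'."""
    p_octets = pattern.strip().split(".")
    i_octets = ip.strip().split(".")
    if len(p_octets) != 4 or len(i_octets) != 4:
        return False
    for p, i in zip(p_octets, i_octets):
        if p == "*":
            continue
        # Compare numerically so "010" and "10" are treated as the same octet.
        if not (p.isdigit() and i.isdigit() and int(p) == int(i)):
            return False
    return True

def audit(aaa_clients, nas_ips):
    """Map each NAS IP to the entries that would accept it.

    aaa_clients: dict of entry name -> list of IP patterns
    Returns {nas_ip: [(entry_name, pattern, is_wildcard), ...]}
    """
    report = {}
    for ip in nas_ips:
        hits = []
        for name, patterns in aaa_clients.items():
            for pat in patterns:
                if pattern_matches(pat, ip):
                    hits.append((name, pat, "*" in pat))
        report[ip] = hits
    return report

# Constructed sample: one wildcard entry, one L3 switch with two addresses.
AAA_CLIENTS = {
    "core-sw-01": ["10.1.1.1"],
    "branch-routers": ["192.168.*.*"],
    "l3-sw-02": ["10.1.2.1", "10.1.3.1"],
}
PASSED_ATTEMPT_NAS_IPS = ["192.168.40.7", "10.1.3.1", "172.16.5.9"]

if __name__ == "__main__":
    for ip, hits in audit(AAA_CLIENTS, PASSED_ATTEMPT_NAS_IPS).items():
        if not hits:
            print(f"{ip}: no AAA client entry matches")
        for name, pat, wild in hits:
            kind = "wildcard entry, review its scope" if wild else "exact entry"
            print(f"{ip}: accepted by '{name}' ({pat}) [{kind}]")
```
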

I went through and checked for both cases. But still haven't found out the reason.

One thing we did notice: the TACACS server key on this switch is different than the keys we typically use. It's possible someone could have put this key in there a long time ago, and that person probably doesn't work here anymore. Is there some magical Cisco ACS TACACS server key that will allow it to authenticate no matter what?

Thanks.

Sounds strange... No, there is no magical key for ACS or any other device. If the key in ACS is different from the key in the switch, then it should not authenticate.

Without the AAA client IP and secret key, ACS will not let that client communicate. There is surely some misconfiguration.

Can you log in to that switch and get these debugs: debug tacacs and debug aaa authentication?

Regards,

~JG
