Lossing connection to console & telnet.

Unanswered Question
Oct 6th, 2008

Hi All...

Below is the configuration i had done onto the switch for AAA.

aaa new-model

aaa group server tacacs+ tacgroup

server 172.30.xx.xx

server 172.30.yy.yy

!

aaa authentication login default group tacgroup enable

aaa authentication enable default group tacgroup enable

aaa authorization console

aaa authorization exec default group tacgroup if-authenticated

!

ip tacacs source-interface Vlan34

!

tacacs-server host 172.30.xx.xx

tacacs-server host 172.30.yy.yy

tacacs-server directed-request

tacacs-server key 7 060506324F41

!

line con 0

session-timeout 5

exec-timeout 5 0

password 7 11481D0029021E0201

transport output telnet ssh

line vty 0 4

session-timeout 5

exec-timeout 5 0

password 7 13441317351C11242E

transport input telnet ssh

transport output telnet ssh

line vty 5 15

transport input lat pad mop udptn telnet rlogin ssh nasi acercon

!

!

Initially everything was working fine when i configured ACS SE 4.1. I was able to login through tacacs without any issues. But suddenly after a month without any changes it strted creating problem for me. One by one i m lossing telnet access to all my devices.

What happens is when i telnet the device it shows blank screen & after a while it displays

% Authentication failed.

Connection to host lost.

Also i lost my console connection to devices. I even tried disconnecting my ACS SE from the network but still the same problems come & its giving getting to fallback password.

Its critical can some one tell me is it an ACS issue or some problem with the IOS i m using. IOS ver is 12.2(33)SXH1

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jagdeep Gambhir Mon, 10/06/2008 - 10:45

When user fails to login , do you see any hits on acs failed or passed attempts ?

Regards,

~JG

piyush_singh Mon, 10/06/2008 - 10:55

no hits are coming onto ACS. Its not even asking for loging. Its directly giving % Authorization failed on console as well as on telnet.

Jagdeep Gambhir Mon, 10/06/2008 - 11:31

Did you make any changes in acs network configuration ? Specially with the NDG or aaa-client shared key ?

NDG key overwrite aaa-client key.

Regards,

~JG

Do rate helpful posts

piyush_singh Mon, 10/06/2008 - 12:01

No changes have been done with NDG. Its not that every i m not getting access for all the devices that are configured for AAA. But day before yesterday i lost access for my distribution switch then the next day for core & today for my other distribution switch. If it would have been an issue for some configuration changes the after disconnecting my ACS form network it should have asked for the fallback password like other devices in network. But that don't happens & i have to recover the password for the device to get console & telnet access.

Actions

This Discussion