10-30-2008 12:55 PM - last edited on 03-25-2019 05:25 PM by ciscomoderator
Please, I just deployed ACS on my network. I am using the internal database, I have created the accounts in the ACS, and specified the AAA client as my router.
I included the same shared key as I did on the router. Below is what I did on the router:
tacacs-server key (same as on ACS)
tacacs-server host (IP address of ACS)
aaa new-model
aaa authentication login JUST group tacacs+ line
line vty 0 4
login authentication JUST
-----
I created a user on ACS, but it won't authenticate on the router.
1. Please tell me what needs to be done.
2. Is an AAA server needed for an internal database user (though I configured it with the IP address of my DC, am I right?)
10-31-2008 07:17 AM
Did you define the source interface for TACACS authentication?
On the router, issue the command
ip tacacs source-interface fastethernet x/y, where the interface would be the one mentioned in the TACACS server.
Also check ACS to see if there is any shared key at the NDG level. The NDG overwrites the aaa-client key.
If the issue is still there, get
debug tacacs
debug aaa authentication
Regards,
~JG
10-31-2008 12:23 PM
In addition to the good suggestions from JG, I would suggest looking at the failed attempts report on the ACS server. If the authentication attempts are getting to the server, then there should be entries in the failed attempts report, and the entry should help identify the reason for the failure. Common causes in this kind of situation are unknown device (either the router is not defined as a client in ACS or the router is sending the request packet with a source address other than the one configured in ACS), invalid key, or perhaps unknown user.
HTH
Rick
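The router-side checks raised in the replies above (source interface, shared key, and a method list that is both defined and applied to the vty lines) can be run over a saved running-config. This is an added example, not code from any poster in the thread; the function name `audit_tacacs_config`, the sample config, its addresses and its key are constructed, and it assumes the classic `tacacs-server host` / `tacacs-server key` syntax used in the thread.

```python
import re

# Constructed sample running-config (not from the thread); addresses and key are placeholders.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login JUST group tacacs+ line
tacacs-server host 192.0.2.10
tacacs-server key EXAMPLE-KEY
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
line vty 0 4
 login authentication MGMT
"""

def audit_tacacs_config(config):
    """Return findings for the TACACS+ login checks discussed in the thread."""
    findings = []
    lines = [l.rstrip() for l in config.splitlines() if l.strip()]
    top = [l for l in lines if not l.startswith(" ")]
    if "aaa new-model" not in top:
        findings.append("aaa new-model is missing")
    hosts = [l for l in top if l.startswith("tacacs-server host ")]
    if not hosts:
        findings.append("no tacacs-server host configured")
    has_key = any(l.startswith("tacacs-server key ") for l in top) or any(" key " in h for h in hosts)
    if not has_key:
        findings.append("no TACACS+ shared key configured")
    if not any(l.startswith("ip tacacs source-interface ") for l in top):
        findings.append("no ip tacacs source-interface: source address may not match the AAA client entry in ACS")
    # Named login method lists, e.g. "aaa authentication login JUST group tacacs+ line"
    lists = {}
    for l in top:
        m = re.match(r"aaa authentication login (\S+) (.+)", l)
        if m:
            lists[m.group(1)] = m.group(2).split()
    # Walk each "line vty" section and check the method list it references
    section = None
    for l in lines:
        if not l.startswith(" "):
            section = l if l.startswith("line vty") else None
            continue
        m = re.match(r"\s+login authentication (\S+)", l)
        if section and m:
            name = m.group(1)
            if name not in lists:
                findings.append(f"{section}: method list {name} is not defined")
            elif "tacacs+" not in lists[name]:
                findings.append(f"{section}: method list {name} does not use tacacs+")
    return findings
```

Server-side causes such as an NDG-level key or an unknown user are not visible in the router config and still need the ACS failed attempts report.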
11-03-2008 11:28 PM
I am saying a big thank you to you and everyone. I am pleased to notify you that the ACS is working fine. I believe this forum will help me on my way to CCIE.