Router Attempting Authentication to TACACS

Unanswered Question
Nov 24th, 2008

I have a new router which about every 2-3 minutes tries to authenticate to the TACACS server, with various usernames like:

rb: <

rb: <

Local_1> User Access Verification

own command verb: <USERNAME:>.

ccess Verification

ess Verification

cal_1> Username:

ame:

al_1> User Access Verification

Local_1> Username:

Local_1> Username:

fied.

rb: <

n command verb: <

rb: <

ame:

e> Username:

Local_1> Username:

Local_1> Username:

Local_1> Username:

n command verb: <

nd verb: <USER>.

r: Unknown command verb: <USER>.

nd verb: <USER>.

ER>.

Here's the basic config:

aaa new-model

!

!

aaa authentication login default group tacacs+ local line

aaa authentication login ACS group tacacs+ local

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ local

!

!

aaa session-id common

!

tacacs-server host A.B.C.D

tacacs-server host A.B.C.D

tacacs-server key 7 XXXXXXXXXXXXXXXXXXXXXXX

!

line con 0

line aux 0

line vty 0 4

Any help will be greatly appreciated.

Thanks,
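An added example, not part of the original post: a short Python triage of the rejected usernames listed in the question, checking how many are fragments of login-prompt text rather than account names. The reference strings are assembled from the question's own list; `admin` and `jsmith` are constructed entries added for contrast, and the function names and length threshold are assumptions.

```python
# Prompt/banner strings assembled from the lines in the question's list.
PROMPT_TEXT = [
    "Local_1> User Access Verification",
    "Local_1> Username:",
    "User Access Verification",
    "Username:",
    "Unknown command verb: <USERNAME:>.",
    "Unknown command verb: <USER>.",
]

# Rejected usernames copied from the question, plus two constructed
# account-style names ("admin", "jsmith") added here for contrast.
REJECTED = [
    "rb: <", "Local_1> User Access Verification",
    "own command verb: <USERNAME:>.", "ccess Verification",
    "ess Verification", "cal_1> Username:", "ame:",
    "al_1> User Access Verification", "Local_1> Username:", "fied.",
    "n command verb: <", "e> Username:", "nd verb: <USER>.",
    "r: Unknown command verb: <USER>.", "ER>.",
    "admin", "jsmith",
]

MIN_LEN = 4  # assumption: shorter strings match too easily to be meaningful


def is_prompt_fragment(name, prompts=PROMPT_TEXT, min_len=MIN_LEN):
    """True if name is a slice of a known prompt line, or contains one."""
    name = name.strip()
    if len(name) < min_len:
        return False
    return any(name in p or p in name for p in prompts)


def triage(names):
    """Split rejected usernames into prompt fragments and everything else."""
    fragments = [n for n in names if is_prompt_fragment(n)]
    other = [n for n in names if not is_prompt_fragment(n)]
    return fragments, other


if __name__ == "__main__":
    fragments, other = triage(REJECTED)
    print(f"{len(fragments)} of {len(REJECTED)} look like prompt text")
    print("needs a closer look:", other)
```

Entries that land in the second list, such as the constructed account names or a fragment of text not in the reference strings, are the ones to review by hand.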

sadbulali Mon, 12/01/2008 - 07:45

Authentication, authorization, and accounting (AAA) network security services provide the primary framework through which you set up access control on your router or access server.

See the following URL for an example of configuring Authentication, Authorization, and Accounting (AAA) on a Cisco router using the RADIUS or TACACS+ protocols:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080093c81.shtml

Also refer to the URL below for detailed information on AAA:

http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfathen.html

ssarte123 Mon, 12/01/2008 - 07:58

Thanks for the link, but I have AAA configured on many Cisco routers and switches, but this one router seems to attempt logins which fail repeatedly according to my logs.

ganeshhiyer Mon, 12/01/2008 - 21:45

Hi There,

As per the configuration in the router, it clearly says that for login it should prompt for the TACACS server first, then the local database and lastly line vty.

Username should be configured in ACS and AAA client is also added in ACS.

Thanks

Ganesh
