acs 4.2.1.15 and ssh authentication with ios xr

Unanswered Question
Mar 9th, 2010

Hello,

we have a new acs appliance (1113) with version 4.2.1.15 and we want to authenticate user through ssh from routers with ios xr software. unfortunately this doesn't work.

Here ist our configuration of the router:

##################################################

line template VTY
access-class ingress abcd

!

tacacs-server host x.x.x.x port 49 single-connection

tacacc-server key 7 test

!

tacacs source-interface Loopback13

!

ssh server v2
ssh timeout 60

! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local

##################################################

does anybody has a solution for this problem?

thnx and best regards

Torsten Waibel

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 03/09/2010 - 23:48

Hello,

we have a new acs appliance (1113) with version 4.2.1.15 and we want to authenticate user through ssh from routers with ios xr software. unfortunately this doesn't work.

Here ist our configuration of the router:

##################################################

line template VTY
access-class ingress abcd

!

tacacs-server host x.x.x.x port 49 single-connection

tacacc-server key 7 test

!

tacacs source-interface Loopback13

!

ssh server v2
ssh timeout 60

! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local

##################################################

does anybody has a solution for this problem?

thnx and best regards

Torsten Waibel

Hi Torsten Waibel,

For ssh to support you should have a cryptography ios image in router and check the following command in line vty that transpot input ssh under line vty cofiguration.

If helpful do rate the post

Ganesh.H

t.waibel Wed, 03/10/2010 - 00:44

Hi Ganeshh,

sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.

So in my opinion the problem is maybe located at the new acs software 4.2.1.15.

Best regards

Torsten

Ganesh Hariharan Wed, 03/10/2010 - 00:58

Hi Ganeshh,

sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.

So in my opinion the problem is maybe located at the new acs software 4.2.1.15.

Best regards

Torsten

Hi Torsten,

I dont think it can be problem with acs version can you check that your are able to do telnet and logs are coming into acs.

Ganesh.H

Ganesh Hariharan Thu, 03/25/2010 - 02:50

Hi,

problem is solved!

Best regards

Torsten

Hi Torsten,

It will be helpful if you can share what was the problem so that other get beniffted with your post

Ganesh.H

Actions

This Discussion