acs 4.2.1.15 and ssh authentication with ios xr

Unanswered Question
Mar 9th, 2010
User Badges:

Hello,


we have a new acs appliance (1113) with version 4.2.1.15 and we want to authenticate user through ssh from routers with ios xr software. unfortunately this doesn't work.


Here ist our configuration of the router:


##################################################

line template VTY
access-class ingress abcd

!

tacacs-server host x.x.x.x port 49 single-connection

tacacc-server key 7 test

!

tacacs source-interface Loopback13

!

ssh server v2
ssh timeout 60

! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local

##################################################


does anybody has a solution for this problem?


thnx and best regards

Torsten Waibel

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Ganesh Hariharan Tue, 03/09/2010 - 23:48
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hello,


we have a new acs appliance (1113) with version 4.2.1.15 and we want to authenticate user through ssh from routers with ios xr software. unfortunately this doesn't work.


Here ist our configuration of the router:


##################################################

line template VTY
access-class ingress abcd

!

tacacs-server host x.x.x.x port 49 single-connection

tacacc-server key 7 test

!

tacacs source-interface Loopback13

!

ssh server v2
ssh timeout 60

! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local

##################################################


does anybody has a solution for this problem?


thnx and best regards

Torsten Waibel


Hi Torsten Waibel,


For ssh to support you should have a cryptography ios image in router and check the following command in line vty that transpot input ssh under line vty cofiguration.


If helpful do rate the post


Ganesh.H

t.waibel Wed, 03/10/2010 - 00:44
User Badges:

Hi Ganeshh,


sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.


So in my opinion the problem is maybe located at the new acs software 4.2.1.15.


Best regards

Torsten

Ganesh Hariharan Wed, 03/10/2010 - 00:58
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi Ganeshh,


sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.


So in my opinion the problem is maybe located at the new acs software 4.2.1.15.


Best regards

Torsten


Hi Torsten,


I dont think it can be problem with acs version can you check that your are able to do telnet and logs are coming into acs.


Ganesh.H

Ganesh Hariharan Thu, 03/25/2010 - 02:50
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016

Hi,


problem is solved!


Best regards

Torsten


Hi Torsten,


It will be helpful if you can share what was the problem so that other get beniffted with your post


Ganesh.H

Actions

This Discussion