acs 4.2.1.15 and ssh authentication with ios xr

t.waibel · ‎03-09-2010

Hello,

we have a new acs appliance (1113) with version 4.2.1.15 and we want to authenticate user through ssh from routers with ios xr software. unfortunately this doesn't work.

Here ist our configuration of the router:

##################################################

line template VTY
access-class ingress abcd

!

tacacs-server host x.x.x.x port 49 single-connection

tacacc-server key 7 test

!

tacacs source-interface Loopback13

!

ssh server v2
ssh timeout 60

! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local

##################################################

does anybody has a solution for this problem?

thnx and best regards

Torsten Waibel

Ganesh Hariharan · ‎03-09-2010

Hello,
we
have a new acs appliance (1113) with version 4.2.1.15 and we want to
authenticate user through ssh from routers with ios xr software.
unfortunately this doesn't work.
Here ist our configuration of the router:
##################################################
line template VTY
 access-class ingress abcd
!
tacacs-server host x.x.x.x port 49 single-connection
tacacc-server key 7 test
!
tacacs source-interface Loopback13
!
ssh server v2
ssh timeout 60
! AAA config
aaa accounting exec default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting commands default start-stop group tacacs+
aaa authorization exec default group tacacs+ none
aaa authorization commands default group tacacs+ none
aaa authentication login default group tacacs+ local
##################################################
does anybody has a solution for this problem?
thnx and best regards
Torsten Waibel

Hi Torsten Waibel,

For ssh to support you should have a cryptography ios image in router and check the following command in line vty that transpot input ssh under line vty cofiguration.

If helpful do rate the post

Ganesh.H

t.waibel · ‎03-10-2010

Hi Ganeshh,

sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.

So in my opinion the problem is maybe located at the new acs software 4.2.1.15.

Best regards

Torsten

Ganesh Hariharan · ‎03-10-2010

Hi Ganeshh,

sorry, i forgot to tell that we have an old acs appliance 1112 working with 4.0 with ssh authentication working properly.

This includes that we do have cryptography ios images.

So in my opinion the problem is maybe located at the new acs software 4.2.1.15.

Best regards

Torsten

Hi Torsten,

I dont think it can be problem with acs version can you check that your are able to do telnet and logs are coming into acs.

Ganesh.H

t.waibel · ‎03-25-2010

Hi,

problem is solved!

Best regards

Torsten

Ganesh Hariharan · ‎03-25-2010

Hi,

problem is solved!

Best regards

Torsten

Hi Torsten,

It will be helpful if you can share what was the problem so that other get beniffted with your post

Ganesh.H