04-12-2010 05:05 AM - edited 03-10-2019 05:03 PM
I have added the router IP & hostname as AAA clients,
AAA configuration has been done on the device,
the router is pingable from the ACS server, but it's not authenticating,
the local user is still active. What could be the issue?
The following configuration is given:
aaa new-model
aaa group server tacacs+ NACS_Group1
aaa authentication login default group NACS_Group1 local
aaa authentication enable default none
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 defaultgroup start-stop group tacacs+
aaa accounting commands 15 defaultgroup start-stop group tacacs+
aaa session-id common
====
tacacs-server host Primary IP timeout 5
tacacs-server host SEcondary IP timeout 5
tacacs-server directed-request
tacacs-server key 7 104D000A061843595F
04-12-2010 05:29 AM
Hi,
Are you getting any failed attempt messages on Cisco ACS whenever you are trying to telnet or SSH to the router, and have you configured the following command on line vty also?
line vty 0 4
login authentication groupname
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
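An added example, not part of the thread or of any Cisco tool: a small offline check that reads an IOS configuration and reports login method lists that point at a TACACS+ server group with no `server` entries or at an undefined group, and vty lines that apply a login list that is not defined. The function name, both sample configs and the 192.0.2.10 address are constructed for illustration; the parser only understands the handful of commands shown in this thread.

```python
TOP_LEVEL = {"aaa", "tacacs-server", "tacacs", "line", "interface", "!"}
BUILTIN = {"tacacs+", "radius"}  # built-in groups that need no "aaa group server"

# Constructed samples modelled on the thread; the address is a documentation placeholder.
AS_POSTED = """aaa new-model
aaa group server tacacs+ NACS_Group1
aaa authentication login default group NACS_Group1 local
tacacs-server host 192.0.2.10 timeout 5
line vty 0 4
login authentication groupname
"""
CORRECTED = """aaa new-model
aaa group server tacacs+ NACS_Group1
 server 192.0.2.10
aaa authentication login default group NACS_Group1 local
tacacs-server host 192.0.2.10 timeout 5
line vty 0 4
 login authentication default
"""

def audit_aaa(config):
    groups, lists, vty, mode = {}, {}, [], None
    for raw in config.splitlines():
        w = raw.split()
        if not w:
            continue
        if w[0] in TOP_LEVEL:          # a global command ends any sub-mode
            mode = None
        if w[:4] == ["aaa", "group", "server", "tacacs+"] and len(w) == 5:
            groups[w[4]] = []
            mode = ("group", w[4])
        elif w[:3] == ["aaa", "authentication", "login"] and len(w) > 4:
            lists[w[3]] = w[4:]        # list name -> ordered methods
        elif w[:2] == ["line", "vty"]:
            vty.append([" ".join(w), "default"])  # "default" applies if none is set
            mode = ("vty", None)
        elif mode and mode[0] == "group" and w[0] == "server":
            groups[mode[1]].append(w[-1])
        elif mode and mode[0] == "vty" and w[:2] == ["login", "authentication"] and len(w) == 3:
            vty[-1][1] = w[2]
    findings = []
    for name, methods in lists.items():
        for kw, grp in zip(methods, methods[1:]):
            if kw != "group" or grp in BUILTIN:
                continue
            if grp not in groups:
                findings.append(f"login list {name}: server group {grp} is not defined")
            elif not groups[grp]:
                findings.append(f"login list {name}: server group {grp} has no server entries")
    for line, name in vty:
        if name not in lists:
            findings.append(f"{line}: login list {name} is not defined")
    return findings
```
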