Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
421
Views
0
Helpful
1
Replies

Acs not working

anandkumar.cisco
Level 1
Level 1

‎04-12-2010 05:05 AM - edited ‎03-10-2019 05:03 PM

ihave added  router ip & hostname as aaa clients,
aaa configuration has been done on Device ,

the router is pingable from Acs server, but its not authenticating ,
local user is still active, what could be the issue.

the following configuration is given

aaa new-model
aaa group server tacacs+ NACS_Group1
aaa authentication login default group NACS_Group1 local
aaa authentication enable default none
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 defaultgroup start-stop group tacacs+
aaa accounting commands 15 defaultgroup start-stop group tacacs+
aaa session-id common
====
tacacs-server host Primary IP timeout 5
tacacs-server host SEcondary IP  timeout 5
tacacs-server directed-request
tacacs-server key 7 104D000A061843595F

Labels:
0 Helpful
1 Reply 1

Ganesh Hariharan
VIP Alumni
VIP Alumni

‎04-12-2010 05:29 AM 

 ihave added  router ip & hostname as aaa clients,
 aaa configuration has been done on Device ,
the router is pingable from Acs server, but its not authenticating , 
local user is still active, what could be the issue.
the following configuration is given
aaa new-model
aaa group server tacacs+ NACS_Group1
aaa authentication login default group NACS_Group1 local
aaa authentication enable default none
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 defaultgroup start-stop group tacacs+
aaa accounting commands 15 defaultgroup start-stop group tacacs+
aaa session-id common
====
tacacs-server host Primary IP timeout 5
tacacs-server host SEcondary IP  timeout 5
tacacs-server directed-request
tacacs-server key 7 104D000A061843595F

Hi,

Are you getting any failed attempt messages on cisco ACS when ever you are trying to telnet or ssh on router and have you configured the following command on line vty also


line vty 0 4
login authentication groupname

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

0 Helpful
Customers Also Viewed These Support Documents