ACE 4710 A3(2.0) and ACS - TACACS+

Answered Question
Aug 17th, 2010

Hi.

I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.

ACE 4710:

tacacs-server host 10.7.50.20 key 7 "fewhg"
aaa group server tacacs+ tacacs_server_group
    server 10.7.50.20
    deadtime 15
aaa authentication login default group tacacs_server_group local none
aaa accounting default group tacacs_server_group local
aaa authentication login error-enable

ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.

The strange part is what I see when I set up Wireshark on my ACS-server to look at the traffic. From what I can see, the ACE only sends a request to the AAA-server if the user exists locally. But I do not get authenticated and Failed Attempts show a line with Message-Type: "Unknown NAS".

It seems like others have the same problem. The problem is that the link attached in the topic beneath only leads me back to the forum and not to a topic with a solution.

https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445

Any help is appreciated and thanks in advance!

Correct Answer by litrenta about 6 years 3 months ago

Are you using telnet or ssh?

If ssh, can you try telnet? Allow telnet on your management policy to do this. Then if it works via telnet, try ssh again; if it now works, then you have hit CSCsu36078.

http://tools.cisco.com/squish/03240

olemariuss Sat, 08/21/2010 - 05:54

Thanks for the answer. Also works great when accessing it through https first. :)
