ACE 4710 A3(2.0) and ACS - TACACS+

Answered Question
Aug 17th, 2010

Hi.


I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.


ACE 4710:

tacacs-server host 10.7.50.20 key 7 "fewhg"
aaa group server tacacs+ tacacs_server_group
    server 10.7.50.20
    deadtime 15
aaa authentication login default group tacacs_server_group local none
aaa accounting default group tacacs_server_group local
aaa authentication login error-enable


ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.


The strange part is what I see when I set up Wireshark on my ACS-server to look at the traffic. From what I can see, the ACE only sends a request to the AAA-server if the user exists locally. But I do not get authenticated and Failed Attempts show a line with Message-Type: "Unknown NAS".


It seems like others have the same problem. The problem is that the link attached in the topic beneath only leads me back to the forum and not to a topic with a solution.

https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445


Any help is appreciated and thanks in advance!

Correct Answer
litrenta Tue, 08/17/2010 - 11:23
User Badges: Cisco Employee

Are you using telnet or ssh?

If ssh, can you try telnet? Allow telnet on your management policy to do this. Then if it works via telnet, try ssh again; if it now works, then you have hit CSCsu36078.


http://tools.cisco.com/squish/03240

olemariuss Sat, 08/21/2010 - 05:54

Thanks for the answer. It also works great when accessing it through https first. :)
