Cisco Secure ACS v4.2 problem

Unanswered Question
Nov 20th, 2013

Let me start off by saying I'm a novice, and my ACS was installed by someone else and the drive shipped to me.


The basic problem is that I can't get my Catalyst 3560 to authenticate through the Tacacs.


The ACS had the local loopback (127.0.0.1) set as the aaa server. I changed it to the IP (10.1.5.50) of my Win Server 2008 box that it's installed on. My 3560 is 10.1.5.1, which I configured in the TACACS as an aaa client.

When I log on to the 3560, it just logs on local. The Tacacs log shows failed attempts from 10.20.30.6 (the local loopback of the 3560). The error message is “unknown NAS”. I get no successful logon attempts. I added 10.20.30.6 as an aaa client on the Tacacs, and the 3560 still logs on local, but I no longer get the failed attempt from 10.20.30.6.


I have the same shared secret for aaa server and client on the Tacacs, as well as aaa host on the 3560.


I set my 3560 as follows:

    aaa new-model
    tacacs-server host 10.1.5.50
    aaa authentication login default group tacacs+ local
    aaa authorization exec default group tacacs+ local


Can anyone shed some light on this?

Another question - Can I have the user account only on the Tacacs, or do I need a matching account on the 3560?


Thanks,

Mike
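
The symptom described above, ACS logging "unknown NAS" from 10.20.30.6 while the AAA client entry is 10.1.5.1, occurs when the switch sources its TACACS+ packets from an address other than the one registered on the server. The following is an added example, not part of the original post, of a switch configuration that pins the source address; the interface name Vlan5 and the key value are placeholders, and it assumes 10.1.5.1 is configured on that interface.

```cisco
! Added example. Vlan5 and <shared-secret> are placeholders, not values from the post.
aaa new-model
!
! Source TACACS+ packets from the interface that holds 10.1.5.1 (assumed to be
! Vlan5 here), so ACS sees the address registered as its AAA client rather
! than the loopback address 10.20.30.6.
ip tacacs source-interface Vlan5
!
! The key must match the shared secret on the ACS AAA client entry exactly.
tacacs-server host 10.1.5.50 key <shared-secret>
!
! Method lists from the post, unchanged. "local" is tried only when no
! TACACS+ server responds, not when the server rejects the login.
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
!
! Checks to run from privileged EXEC while attempting a login:
!   show tacacs
!   debug tacacs
!   debug aaa authentication
```

Keep an existing session open while testing so a mistake in the method lists does not lock out management access.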
