Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA authentication errors

Hi, I'm trying to figure out what might be causing this error?

Oct 25 10:53:29.800: TAC+: (883737627) AUTHEN/CONT queued

Oct 25 10:53:34.800: TAC+: (883737627) AUTHEN/CONT -- TIMED OUT

Oct 25 10:53:34.800: TAC+: (883737627) AUTHEN/CONT processed

Oct 25 10:53:34.800: TAC+: Error sending continue packet.

Oct 25 10:53:34.800: TAC+: Closing TCP/IP 0x479241D0 connection to

Oct 25 10:53:34.800: AAA/AUTHEN (883737627): status = ERROR

I'm running ACS v4. and IOS Version 12.2(18)SXF on my 6513s.

Any ideas?

thank you.

  • AAA Identity and NAC

Re: AAA authentication errors

It looks like its timing out. Do you have the timeout set to 5 seconds? Make sure you can access the ACS server from the device. If that's OK, try increasing your timeout. Also check your ACS failed attempts log and see if there is anything in there.

HTH and please rate.

Hall of Fame Super Silver

Re: AAA authentication errors


From the messages I would guess that you are attempting to send the authentication request to the TACACS/ACS and not receiving a response.

The first thing that I would check would be IP connectivity. In checking on this we need to know whether you have configured the option to specify the source address for TACACS packets? If you have specified the source address for TACACS then you need to check connectivity with an extended ping. In the extended ping specify the destination as 10.20..0.10 (the TACACS server) and specify the source address as whatever you have specified in your config as the source for TACACS. If you have not specified the source address then check connectivity with a standard ping to

If there is not a problem with IP connectivity then I suggest that the next thing to check is whether the server is receiving the authentication request. Look in the logs on the server - especially look in the failed attempts report and see if the authentication request was seen and if so why the server did not authenticate it.



This widget could not be displayed.