Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

AAA Authorization with Service-Engine (CUE) module

Dear Sir:

After implemented Tacacs+ in my router, I no longer able login to the Service-Engine (CUE) with 'service-module service-Engine 2/0 session'

Here is my config:

aaa new-model

aaa authentication banner ^CCCUnauthorised use is prohibited^C

aaa authentication login Telnet group tacacs+ line

aaa authentication login Console group tacacs+ line none

aaa authentication enable default group tacacs+ enable

aaa authorization exec default group tacacs+ if-authenticated

aaa authorization commands 1 default group tacacs+ if-authenticated

aaa authorization commands 15 default group tacacs+ if-authenticated

aaa authorization reverse-access default group tacacs+ if-authenticated

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting connection default start-stop group tacacs+

and the error in ACS server read as 'Service Denied' for 'service=raccess'.

Any clue?

Thanks

SH

2 REPLIES
New Member

Re: AAA Authorization with Service-Engine (CUE) module

this might help u...u can do a reprogram

New Member

Re: AAA Authorization with Service-Engine (CUE) module

Hi,

I found out the problem myself, CUE are running over tty line, if your NM-CUE installed in slot 2/0, the tty line will be 130, while for slot 1/0, the tty number will be 66, you can find out the line number with 'service-module service-Engine 2/0 status' command, after found the tty number, just add the login command into it.

Example:

line tty 130

login authentication Telnet

Cheers

Bernard

446
Views
0
Helpful
2
Replies