Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Acs 4.2 issue

Dear all,

i have given the below configuration in Device,
but no fail attempts in  nacs Server & authentication is failure
how can it be sorted  out

aaa new-model
aaa group server tacacs+ NACS_Group1
aaa authentication login default group NACS_Group1 local
aaa authentication login prov none
aaa authentication enable default group NACS_Group1 enable
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 defaultgroup start-stop group tacacs+
aaa accounting commands 15 defaultgroup start-stop group tacacs+
aaa session-id common

tacacs-server host timeout 5
tacacs-server host timeout 5
tacacs-server directed-request
tacacs-server key 7 110A1016141D5A5E57

line vty 0 4
login authentication default

New Member

Re: Acs 4.2 issue


Here is the deal, your configuration on the network device is correct i dont know why you are getting fail attempts. Here is what you can do to troubleshoot it:

Try a  debug tacacs authentication, log the debug then go over it to see what is causing it.

Since this config looks fine to me i guess your problem may be on the ACS, check your tacacs key, make sure the device is added to the ACS, make sure the users are correctly added on the ACS .

I'm sorry i can help you more