Acs 4.2 issue

anandkumar.cisco · ‎04-14-2010

Dear all,

i have given the below configuration in Device,
but no fail attempts in nacs Server & authentication is failure
how can it be sorted out

aaa new-model
!
!
aaa group server tacacs+ NACS_Group1
server 10.193.212.94
server 10.193.212.247
!
aaa authentication login default group NACS_Group1 local
aaa authentication login prov none
aaa authentication enable default group NACS_Group1 enable
aaa authorization config-commands
aaa authorization exec default group NACS_Group1 if-authenticated
aaa authorization exec NACS_Group1 group tacacs+ local
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting commands 1 defaultgroup start-stop group tacacs+
aaa accounting commands 15 defaultgroup start-stop group tacacs+
!
aaa session-id common

tacacs-server host 10.193.212.94 timeout 5
tacacs-server host 10.193.212.247 timeout 5
tacacs-server directed-request
tacacs-server key 7 110A1016141D5A5E57

line vty 0 4
login authentication default

Rodrigo Gurriti · ‎04-15-2010

anandkumar,

Here is the deal, your configuration on the network device is correct i dont know why you are getting fail attempts. Here is what you can do to troubleshoot it:

Try a debug tacacs authentication, log the debug then go over it to see what is causing it.

Since this config looks fine to me i guess your problem may be on the ACS, check your tacacs key, make sure the device is added to the ACS, make sure the users are correctly added on the ACS .

I'm sorry i can help you more