Cisco Support Community
Community Member

ACS won't authenticate

Please, I just deployed ACS on my network. I am using the internal database. I have created the accounts in the ACS and specified the AAA client as my router.

I included the same shared key as I did on the router. Below is what I did on the router:

tacac+ key (same as on ACS)

tacac+ host (ip add of ACS)

aaa new model

aaa authentication login JUST group tacac+ line.

line vty 0 4

aaa authentication JUST.


I created a user on ACS, but it won't authenticate on the router.

1. Please tell me what needs to be done.

2. Is an AAA server needed for an internal database user (though I configured it with the IP address of my DC, am I right)?


Re: ACS won't authenticate

Did you define a source interface for TACACS authentication?

On the router, issue the command

ip tacacs source-interface fastethernet x/y, where the interface would be the one mentioned in the TACACS server.

Also check ACS to see if there is any shared key at the NDG level. The NDG key overrides the aaa-client key.

If the issue is still there, get

debug tacacs

debug aaa authentication



Hall of Fame Super Gold

Re: ACS won't authenticate

In addition to the good suggestions from JG, I would suggest looking at the failed attempts report on the ACS server. If the authentication attempts are getting to the server, then there should be entries in the failed attempts report, and the entry should help identify the reason for the failure (common causes in this kind of situation are unknown device (either the router is not defined as a client in ACS or the router is sending the request packet with a source address other than the one configured in ACS), or invalid key, or perhaps unknown user).



Community Member

Re: ACS won't authenticate

I am saying a big thank you to you and everyone. I am pleased to notify you that the ACS is working fine. I believe this forum will help me on my way to CCIE.
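
The router-side setup discussed in this thread, written out in IOS syntax as an added example (not configuration posted by any participant). The server address 192.0.2.10, the interface FastEthernet0/0 and the `<SHARED-KEY>` / `<LINE-PASSWORD>` placeholders are assumptions; the list name JUST and the two debug commands come from the thread.

```cisco
! Constructed values: 192.0.2.10 is the ACS server, FastEthernet0/0 is the
! interface whose address is defined as the AAA client in ACS.
aaa new-model
!
! Send TACACS+ packets from the address ACS has on record for this router.
! A different source address shows up in the ACS failed attempts report as
! an unknown device.
ip tacacs source-interface FastEthernet0/0
!
! The key must match the one on the ACS AAA client entry, or the key set
! at the NDG level if one is configured there.
tacacs-server host 192.0.2.10
tacacs-server key <SHARED-KEY>
!
! Method list JUST: TACACS+ first. The "line" method is tried only when the
! server does not answer, not when the server rejects the user.
aaa authentication login JUST group tacacs+ line
!
! The "line" fallback needs a line password, otherwise VTY logins fail
! whenever ACS is unreachable. The list is applied with "login authentication".
line vty 0 4
 password <LINE-PASSWORD>
 login authentication JUST
!
! Troubleshooting from privileged exec mode:
!   debug tacacs
!   debug aaa authentication
```

Keep an existing console session open while applying this, since `aaa new-model` changes how new logins are authenticated as soon as it is entered.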
