Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

authentication failed -


I'm using tacacs(ACS 4.2) server and trying to login with my tacacs credentials but got a msg:

authorization failed.....

pls advise wht could be the issue and how to resolve it.



Re: authentication failed -

Hi Gavin,

you are getting authorization failed messgae which means your authentication is passing. It depend which protocol you are using radius/tacacs.

please try this sample config and see if authorization works or not. If still same issue, check what is the authorization failure logs your ACS is showing:-

Here is a sample configuration:-

router(config)# enable password XXXXXXX

router(config)# username admin privilege 15 password xxxxx

router(config)# aaa new-model (Enables AAA configuration commands on the router)

router(config)# Tacacs-server host XXXXXXX ( IP address of the ACS server)

router(config)# Tacacs-server key XXXXXX ( This is the same shared secret key which we defined on the ACS for this IOS device)

router(config)# aaa authentication login default group Tacacs+ local

Authenticate telnet users on TACACS+ if TACACS+ is down authenticate users with locally configured telnet username password on router.

router(config)# aaa authentication enable default group Tacacs+ enable

Authenticate the enable password on the TACACS+ if TACACS+ is down authenticate enable password with locally configured enable password on router.

Router(config)# aaa accounting exec default start-stop group TACACS+ (Account all the user which are telneting based on start and stop session on TACACS+)

Router(config)# line vty 04 (Change to line vty line)

Router(config-line)# Login authentication default (Enables tacacs authentication for the vty lines)

Thanks & Regards