We are unable to login thru TACACS when we are connected thru serial link but the TACACS authentication happens when we use ISDN. The issue is observed at 2 locations, other locations are working fine and configuration seems to be ok. We have ACS installed on windows as TACACS server. One more thing which is noticable is that when we chack the logs in ACS it shows the part of Banner in the Username field of Failed Authentication.csv file.
Pls. let me know is someone had faced the similar issue and how it was resolved.
Did you change the RegEx expression for the prompt from > or # to something else ?
From your configuration I don't see the authorative souce for your devices' AAA messages defined it should be something like "ip tacacs source-interface Loopback0" which will match up with your authentication profile on the tacacs+ server. Does the authentication profile and origination match if the request is made from the serial attempt vs the isdn attempt ?
Do you have any modem or terminal server connected to this device for out of band management?
In these type of issues the problem is with the modem or term ser. It echo's back exec information from the console. The console interprets these message as login requests. This is extremely common. If that is the case then we need to reconfigure modem or term server, so that it does not echo.
If it's an IOS terminal server, the "no exec" command resolves the issue. If it is a modem, it must be reconfigured so that it no longer echoes.
If authentication works when using ISDN and does not work when using serial, then I would ask that you make another attempt using the serial and then to check the Failed Attempts report and see if it gives some error such as unknown host or invalid key or some other type of error indicator.
If we knew what is causing the failure when using the serial we might be able to suggest a better solution.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :