cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1804
Views
0
Helpful
3
Replies

How do I configure the NAS?

matt.austin
Level 1
Level 1

I am having problems configuring my routers for AAA access to my ACS 3.1 Server. Switches have been working fine, but I am missing something. When I set the:

aaa new-model

tacacs-server host *.*.*.*

tacacs-server key BLAH_BLAH

tacacs-server timeout 60

I am able to get a username prompt, but it doesn't allow me to access the device, even with valid accounts that can access our switches.

Now when I add the:

aaa authentication login default group tacacs+,

The username prompt doesn't even appear but for a second and then states that "Authentication Failed" and immediately closes out the telnet session.

On the ACS Server under "Reports Activity", "Failed Attempts", I get the message type of "Unknown NAS".

Any help will be greatly appreciated.

Thanks!

3 Replies 3

tepatel
Cisco Employee
Cisco Employee

You need to configure the NAS ip address in ACS (under network configuration) so that ACS will respond to that authentication requestes from that nas ip address. I assume that the ACS is already configured for username and password for authentication.

At this point it complains "Unknown NAS" because of NAS ip address is not configured in ACS to honour the requestes. Make sure that you enter the ip address of NAS in ACS from which NAS can reach ACS.

ovanjara
Cisco Employee
Cisco Employee

Hi,

In addition to adding the NAS IP or if you already have that in place, also make sure you have the following command in the router, so that we know the router is going to source from the IP configured in the ACS as the NAS IP. The command in the router is:

ip tacacs source-interface fastEthernet 0/1

Replace teh "fastEthernet 0/1" with the interface you want to source the AAA request from.

Thanks,

Obaid.

OK, I also entered the command that you recommended, "ip tacacs source-interface fastEthernet 0", and added the entry on my ACS Server as a "client" under Network Configuration, and it still doesn't work... Now I get an Author Failed with a service denied....any suggestions?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: