01-10-2012 04:28 AM - edited 03-10-2019 06:42 PM
Hi all,
I can't perform login using the credential set at ACS server, From the log it shown:
"Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client"
I know there's some changes on TACACS+ part for new catalyst IOS, so i refer the guide and this is my config snipet:
aaa group server tacacs+ TAC_PLUS
server name AUTH
tacacs server AUTH
address ipv4 10.10.21.251
key xxxxxx
aaa authentication login TAC_PLUS group tacacs+ local line
aaa authorization exec TAC_PLUS group tacacs+ none
aaa authorization commands 15 default if-authenticated
aaa accounting update periodic 1
aaa accounting exec TAC_PLUS start-stop group tacacs+
aaa accounting network TAC_PLUS start-stop group tacacs+
aaa accounting connection TAC_PLUS start-stop group tacacs+
My platform is
- C6500 running on IOS 12.2 (33) SXJ1
- ACS 5.2.0.26
Need guidance on this, thanks
Noel
Solved! Go to Solution.
01-10-2012 07:48 AM
Hello,
Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?
Regards.
01-10-2012 07:48 AM
Hello,
Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?
Regards.
01-11-2012 02:31 AM
Hi Mejia,
I use ip tacacs source-interface command prefix on the switch and somehow it works, thanks for the hints
Thanks
Noel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide