Solved: TACACS+ packet from unknown Network Device or AAA Client

yong khang NG · ‎01-10-2012

Hi all,

I can't perform login using the credential set at ACS server, From the log it shown:

"Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client"

I know there's some changes on TACACS+ part for new catalyst IOS, so i refer the guide and this is my config snipet:

aaa group server tacacs+ TAC_PLUS

server name AUTH

tacacs server AUTH

address ipv4 10.10.21.251

key xxxxxx

aaa authentication login TAC_PLUS group tacacs+ local line

aaa authorization exec TAC_PLUS group tacacs+ none

aaa authorization commands 15 default if-authenticated

aaa accounting update periodic 1

aaa accounting exec TAC_PLUS start-stop group tacacs+

aaa accounting network TAC_PLUS start-stop group tacacs+

aaa accounting connection TAC_PLUS start-stop group tacacs+

My platform is

- C6500 running on IOS 12.2 (33) SXJ1

- ACS 5.2.0.26

Need guidance on this, thanks

Noel

camejia · ‎01-10-2012

Hello,

Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?

Regards.

View solution in original post

camejia · ‎01-10-2012

Hello,

Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?

Regards.

yong khang NG · ‎01-11-2012

Hi Mejia,

I use ip tacacs source-interface command prefix on the switch and somehow it works, thanks for the hints

Thanks

Noel