Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

TACACS+ packet from unknown Network Device or AAA Client

Hi all,

I can't perform login using the credential set at ACS server, From the log it shown:

"Failure Reason: 13017 Received TACACS+ packet from unknown Network Device or AAA Client"

I know there's some changes on TACACS+ part for new catalyst IOS, so i refer the guide and this is my config snipet:

aaa group server tacacs+ TAC_PLUS

server name AUTH

tacacs server AUTH

address ipv4 10.10.21.251

key xxxxxx

aaa authentication login TAC_PLUS group tacacs+ local line

aaa authorization exec TAC_PLUS group tacacs+ none

aaa authorization commands 15 default if-authenticated

aaa accounting update periodic 1

aaa accounting exec TAC_PLUS start-stop group tacacs+

aaa accounting network TAC_PLUS start-stop group tacacs+

aaa accounting connection TAC_PLUS start-stop group tacacs+

My platform is

- C6500 running on IOS 12.2 (33) SXJ1

- ACS 5.2.0.26

Need guidance on this, thanks

Noel

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

TACACS+ packet from unknown Network Device or AAA Client

Hello,

Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?

Regards.

2 REPLIES
Silver

TACACS+ packet from unknown Network Device or AAA Client

Hello,

Is the appropriate IOS IP address defined on the Network Devices and AAA Clients for the ACS? If yes, which IP address is reported on the ACS Failure that includes the error "TACACS+ packet from unknown Network Device or AAA Client"? Is the ACS reporting the IP address as unknown when it is already defined appropriately?

Regards.

New Member

TACACS+ packet from unknown Network Device or AAA Client

Hi Mejia,

I use ip tacacs source-interface command prefix on the switch and somehow it works, thanks for the hints

Thanks

Noel

976
Views
0
Helpful
2
Replies
CreatePlease to create content