The output is from the console of the 2800 router. I'm trying to authenticate a user john from the ACS server, but I'm not sure whether it is authenticating or not from the output above. When I specify a different password in the ACS and on the router, it doesn't accept the ACS password; rather, it takes the local password configured for john.
sh run for router 2800:
ACS-Router#sh running-config
Building configuration...

Current configuration : 1141 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ACS-Router
!
boot-start-marker
boot system flash c2800nm-ipvoicek9-mz.151-1.T.bin
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$6MYC$v0SoHopUNgCSXx08iEfcU0
!
aaa new-model
!
!
aaa authentication login 123 group tacacs+ local
!
!
aaa session-id common
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
username john password 0 cisco12345
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
tacacs-server host 192.168.10.3 port 49 timeout 2 key cisco12345
!
control-plane
!
!
line con 0
 login authentication 123
line aux 0
line vty 0 4
 login authentication 123
When I did the same configuration with the 2960 switch, it works fine for the user. It accepts a different password for the ACS and for the local one when I disconnect the ACS from the LAN.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...