Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1737
Views
0
Helpful
2
Replies

Why the ACS block my Console Login?

Go to solution
s.morillo
Spotlight
Spotlight

‎10-14-2008 11:35 PM - edited ‎03-10-2019 04:08 PM

I have aaa to my SWs an ROuters, but wen my Server goes down I cant get access ont the console port.

My config is attached and the debug aaa authorization.

this are the debugs for each acces: Telnet tacacs user, consoler tacacs user and the try whit the local user.

telnet access

Oct 15 01:03:09: AAA: parse name=tty2 idb type=-1 tty=-1

Oct 15 01:03:09: AAA: name=tty2 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=2 channel=0

Oct 15 01:03:09: AAA/MEMORY: create_user (0x2778E84) user='NULL' ruser='NULL' ds0=0 port='tty2' rem_addr='10.10.10.23' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

Oct 15 01:03:10: %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on GigabitEthernet0/37 (102), with tst1-s2 GigabitEthernet0/1 (1).

Oct 15 01:03:11: AAA/MEMORY: free_user (0x28E1BFC) user='ACS-USER' ruser='NULL' port='tty2' rem_addr='10.10.10.23' authen_type=ASCII service=ENABLE priv=15

Oct 15 01:03:13: AAA/MEMORY: free_user (0x2778E84) user='ACS-USER' ruser='NULL' port='tty2' rem_addr='10.10.10.23' authen_type=ASCII service=LOGIN priv=1

COnsole access (Working whit the ACS user)

Oct 15 01:08:57: AAA: parse name=tty0 idb type=-1 tty=-1

Oct 15 01:08:57: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

Oct 15 01:08:57: AAA/MEMORY: create_user (0x28AA8E4) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

Oct 15 01:09:11: AAA/MEMORY: free_user (0x27C0DC4) user='ACS-USER' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=ENABLE priv=15

Oct 15 01:09:18: AAA/MEMORY: free_user (0x28AA8E4) user='ACS-USER' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

console access (Not working whit the local user)

Oct 15 01:05:24: AAA: parse name=tty0 idb type=-1 tty=-1

Oct 15 01:05:24: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

Oct 15 01:05:24: AAA/MEMORY: create_user (0x27C1310) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

Oct 15 01:05:36: AAA/MEMORY: free_user_quiet (0x27C1310) user='LOCAL_USER' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1

Oct 15 01:05:36: AAA: parse name=tty0 idb type=-1 tty=-1

Oct 15 01:05:36: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

Oct 15 01:05:36: AAA/MEMORY: create_user (0x28D201C) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

Oct 15 01:06:09: AAA/MEMORY: free_user_quiet (0x28D201C) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1

Oct 15 01:06:09: AAA: parse name=tty0 idb type=-1 tty=-1

Oct 15 01:06:09: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0

Oct 15 01:06:09: AAA/MEMORY: create_user (0x2773004) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0', vrf= (id=0)

Oct 15 01:06:41: AAA/MEMORY: free_user (0x2773004) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1

Thanks for your help.

Labels:
Preview file
1 KB
Preview file
3 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Premdeep Banga
Level 7
Level 7

‎10-15-2008 03:36 AM

Change your commands from,

aaa authentication login default group tacacs+ enable

aaa authentication enable default group tacacs+

To,

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

Regards,

Prem

Please if it helps!

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Premdeep Banga
Level 7
Level 7

‎10-15-2008 03:36 AM

Change your commands from,

aaa authentication login default group tacacs+ enable

aaa authentication enable default group tacacs+

To,

aaa authentication login default group tacacs+ local

aaa authentication enable default group tacacs+ enable

Regards,

Prem

Please if it helps!

0 Helpful

Go to solution
s.morillo
Spotlight
Spotlight
In response to Premdeep Banga

‎10-20-2008 03:06 PM

GREAT ! ! ! It work, many thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents