Cisco Support Community
New Member

ACE 4710 A3(2.0) and ACS - TACACS+

Hi.

I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.

ACE 4710:

tacacs-server host 10.7.50.20 key 7 "fewhg"
aaa group server tacacs+ tacacs_server_group
    server 10.7.50.20
    deadtime 15
aaa authentication login default group tacacs_server_group local none
aaa accounting default group tacacs_server_group local
aaa authentication login error-enable

ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.

The strange part is what I see when I set up Wireshark on my ACS server to look at the traffic. From what I can see, the ACE only sends a request to the AAA server if the user exists locally. But I do not get authenticated, and Failed Attempts shows a line with Message-Type: "Unknown NAS".

It seems like others have the same problem. The problem is that the link attached in the topic beneath only leads me back to the forum and not to a topic with a solution.

https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445

Any help is appreciated and thanks in advance!

1 ACCEPTED SOLUTION
Cisco Employee

Re: ACE 4710 A3(2.0) and ACS - TACACS+

Are you using telnet or ssh?

If ssh, can you try telnet? Allow telnet on your management policy to do this. Then, if it works via telnet, try ssh again; if it now works, then you have hit CSCsu36078.

http://tools.cisco.com/squish/03240

New Member

Re: ACE 4710 A3(2.0) and ACS - TACACS+

Thanks for the answer. It also works great when accessing it through https first. :)
