Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Error in authentication

Hi,

I have configured more than 40 Cisco routers (2811 & 1841) with the following aaa commands:

aaa new-model

!

!

aaa authentication login default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting network default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+

!

!

ip tacacs source-interface fastethernet 0/0

tacacs-server host x.x.x.x key key123

tacacs-server directed-request

!

!

!

i tried all of them (remote access) and everything works fine.

I surprised that two of them (cisco 2811 & Cisco 1841) i faced an error "error in authentication" when i try to type enable at the user-mode. By the way, i can access them with username & password.

I tried to change the IP address from the ACS server (AAA clients) for these two sites in order to access using enable secret but failed.

I'm using SSH.

Please your help.

5 REPLIES
Community Member

Re: Error in authentication

Hi,

Where is the authentication for the enable password meant to take place? Locally or using Tacacs? If may be worthwhile adding in the command

"aaa authentication enable default group tacacs+ local" or change it slightly depending where you want it to carry out the authentication.

Hope that helps

Bronze

Re: Error in authentication

Hi,

enable secret is locally.

the mentioned command is already added but with enable secret when ACS is not reachable.

Hall of Fame Super Gold

Re: Error in authentication

Alqader

Mike suggests that you use this command:

aaa authentication enable default group tacacs+ local

and you respond that:

the mentioned command is already added

The aaa authentication enable is not included in your original post. Either your response to Mike is incorrect or your original post is significantly incomplete. In either case it makes it difficult to understand your issue and to give you good advice. Can you clarify exactly what is in your config and what the problem is?

HTH

Rick

Bronze

Re: Error in authentication

Rick

i replied to him that the mentioned command already exists but with enable secret not locally.

Just i want to know if anyone experienced this problem and how can we access the device remotely (if exists).

Any way, Thanks

Bronze

Re: Error in authentication

Solved, the enable secret command is not applied, i don't know how it is removed!

Thanks

6538
Views
0
Helpful
5
Replies
CreatePlease to create content