Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Why can't the single-connection between AS5850 and ACS(vER1.2) be built?

In AS5850, configure like:

tacacs host 200.0.0.1 single-connection key abcxyz

ACS's version is 1.2,but the single-conenction between AS5850 and ACS can't build.

So every client accessing the AS5850 causees three TCP connections (AAA)between AS5850 and ACS. When there are 300 users access at the same time,the connections between AS5850 and ACS are too many for the ACS to deal and the authen is very slow!

In AS5850,we have the same configure,and the single-connection can be kept.When move to AS5850,the result is bad.

Why? Who can tell me the condition of the single-connection keep

3 REPLIES
Community Member

Re: Why can't the single-connection between AS5850 and ACS(vER1.

Are you sure your version is 1.2 or 2.1?

If this is CSNT, there are some known issues with this. Consider upgrading CSNT to 2.4.

Verify you have single connect TACACS+ NAS checkbox enabled in the ACS.

Community Member

Re: Why can't the single-connection between AS5850 and ACS(vER1.

Mr.ROBERT BROWN :

Sorry! The version of CS is 2.3 for NT.

I have single connect TACACS+ NAS checkbox enabled in CSNT.

We have as5300,as5800 ,the configure about tacacs is same,the single-connection all can be kept. but the single-connection can't keep between AS5850 and CANT

Community Member

Re: Why can't the single-connection between AS5850 and ACS(vER1.

Are you running the same IOS in the 5300 and 5450?

My guess is this is a software issue.

188
Views
0
Helpful
3
Replies
CreatePlease to create content