Cannot login into Router using TACACS+

nfordhk — Mon, 11 Mar 2019 01:54:49 GMT

Hello,

I cannot log into my OSPF router using TACACS+ below are the debug messages

.Mar 16 16:20:29: TPLUS(0000004F)/0/NB_WAIT/661E1170: timed out, clean up

.Mar 16 16:20:29: TPLUS(0000004F)/0/661E1170: Processing the reply packet

.Mar 16 16:24:46: TAC+: Using default tacacs server-group "TACACS-SERVERS" list.

.Mar 16 16:24:46: TAC+: Opening TCP/IP to x.x.x.x/49 timeout=5

.Mar 16 16:24:51: TAC+: TCP/IP open to x.x.x.x/49 failed -- Connection timed out; remote host not responding

.Mar 16 16:24:51: TPLUS: Queuing AAA Accounting request 75 for processing

.Mar 16 16:24:51: TPLUS: processing accounting request id 75

.Mar 16 16:24:51: TPLUS: Sending AV task_id=627

.Mar 16 16:24:51: TPLUS: Sending AV timezone=EDT

.Mar 16 16:24:51: TPLUS: Sending AV service=shell

.Mar 16 16:24:51: TPLUS: Sending AV start_time=1331929491

.Mar 16 16:24:51: TPLUS: Sending AV priv-lvl=1

.Mar 16 16:24:51: TPLUS: Sending AV cmd=show logging <cr>

.Mar 16 16:24:51: TPLUS: Accounting request created for 75(backup)

.Mar 16 16:24:51: TPLUS: Using server x.x.x.x .Mar 16 16:20:29: TPLUS(0000004F)/0/NB_WAIT/661E1170: timed out, clean up
.Mar 16 16:20:29: TPLUS(0000004F)/0/661E1170: Processing the reply packet
.Mar 16 16:24:46: TAC+: Using default tacacs server-group "TACACS-SERVERS" list.
.Mar 16 16:24:46: TAC+: Opening TCP/IP to x.x.x.x/49 timeout=5
.Mar 16 16:24:51: TAC+: TCP/IP open to x.x.x.x/49 failed -- Connection timed out; remote host not responding
.Mar 16 16:24:51: TPLUS: Queuing AAA Accounting request 75 for processing
.Mar 16 16:24:51: TPLUS: processing accounting request id 75
.Mar 16 16:24:51: TPLUS: Sending AV task_id=627
.Mar 16 16:24:51: TPLUS: Sending AV timezone=EDT
.Mar 16 16:24:51: TPLUS: Sending AV service=shell
.Mar 16 16:24:51: TPLUS: Sending AV start_time=1331929491
.Mar 16 16:24:51: TPLUS: Sending AV priv-lvl=1
.Mar 16 16:24:51: TPLUS: Sending AV cmd=show logging <cr>
.Mar 16 16:24:51: TPLUS: Accounting request created for 75(backup)
.Mar 16 16:24:51: TPLUS: Using server x.x.x.x

I have comfirmed the IP on the server. The router can ping the TACACS+ server and telnet over port 49. I have confirmed the ip has a route. I have deleted / readded the entry on the ACS server. I have verfiied the TACACS+ key several times.

Cannot login into Router using TACACS+

Tarik Admani — Sat, 17 Mar 2012 22:05:24 GMT

What version code is running on your router and what version of ACS are you running? Is this a new installation or did this start all of a sudden?

Also what is the source interface for the tacacs request? You may need to specify the source interface to send the tacacs request from.

Thanks,

Tarik Admani

Cannot login into Router using TACACS+

mavespig — Mon, 19 Mar 2012 10:24:43 GMT

Hi Nicholas,

As Tarik wrote, be sure that the remote server is aware of the source-interface configured on the router.

Can you try to telnet to the server?

telnet 1.1.1.1 49 /source-interface

You should be able to see "CONNECT".

You can also try to use the test aaa command, and see if your user get successfully authenticated.

'test aaa group tacacs legacy'

Regards

Marco

topic Cannot login into Router using TACACS+ in Network Access Control

Cannot login into Router using TACACS+

Cannot login into Router using TACACS+

Cannot login into Router using TACACS+