https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654346#M422787 <P>I'm having a strange problem with a few routers sending invalid characters to my TACACS server. Example is it's trying to authenticate part of the banner. </P><P></P><P>Here's the aaa config and part of the debug.</P><P></P><P></P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ line</P><P>aaa authentication login no_tacacs enable</P><P>aaa authentication enable default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P>aaa authorization commands 1 default group tacacs+ if-authenticated</P><P>aaa authorization commands 15 default group tacacs+ if-authenticated</P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 0 default start-stop group tacacs+</P><P>aaa accounting commands 1 default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P></P><P>DEBUG:</P><P></P><P>Oct 4 18:50:30.842: AAA/MEMORY: free_user (0x6364C220) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1</P><P>Oct 4 18:50:33.842: AAA: parse name=tty0 idb type=-1 tty=-1</P><P>Oct 4 18:50:33.842: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P>Oct 4 18:50:33.842: AAA/MEMORY: create_user (0x63588100) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'</P><P>Oct 4 18:50:34.594: AAA/MEMORY: free_user_quiet (0x63588100) user='expressly consents to ' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1</P><P>Oct 4 18:50:34.594: AAA: parse name=tty0 idb type=-1 tty=-1</P><P>Oct 4 18:50:34.594: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P>Oct 4 18:50:34.594: AAA/MEMORY: create_user (0x6364ECAC) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P></P><P>Thanks for any info...</P><P></P><P></P> Sun, 10 Mar 2019 21:46:31 GMT meinanut1 2019-03-10T21:46:31Z https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654346#M422787 <P>I'm having a strange problem with a few routers sending invalid characters to my TACACS server. Example is it's trying to authenticate part of the banner. </P><P></P><P>Here's the aaa config and part of the debug.</P><P></P><P></P><P></P><P>aaa new-model</P><P>aaa authentication login default group tacacs+ line</P><P>aaa authentication login no_tacacs enable</P><P>aaa authentication enable default group tacacs+ enable</P><P>aaa authorization exec default group tacacs+ if-authenticated</P><P>aaa authorization commands 1 default group tacacs+ if-authenticated</P><P>aaa authorization commands 15 default group tacacs+ if-authenticated</P><P>aaa accounting exec default start-stop group tacacs+</P><P>aaa accounting commands 0 default start-stop group tacacs+</P><P>aaa accounting commands 1 default start-stop group tacacs+</P><P>aaa accounting commands 15 default start-stop group tacacs+</P><P></P><P>DEBUG:</P><P></P><P>Oct 4 18:50:30.842: AAA/MEMORY: free_user (0x6364C220) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1</P><P>Oct 4 18:50:33.842: AAA: parse name=tty0 idb type=-1 tty=-1</P><P>Oct 4 18:50:33.842: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P>Oct 4 18:50:33.842: AAA/MEMORY: create_user (0x63588100) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'</P><P>Oct 4 18:50:34.594: AAA/MEMORY: free_user_quiet (0x63588100) user='expressly consents to ' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1</P><P>Oct 4 18:50:34.594: AAA: parse name=tty0 idb type=-1 tty=-1</P><P>Oct 4 18:50:34.594: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P>Oct 4 18:50:34.594: AAA/MEMORY: create_user (0x6364ECAC) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0</P><P></P><P>Thanks for any info...</P><P></P><P></P> Sun, 10 Mar 2019 21:46:31 GMT https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654346#M422787 meinanut1 2019-03-10T21:46:31Z https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654347#M422788 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> Do we have a modem attached to this router if so please remove it and check its configurations.</P><P>Please enter "no exec" command under aux port.</P><P>Let me know if this helps.</P><P></P><P>Thanks</P><P>Gagan</P></BODY></HTML> Wed, 04 Oct 2006 20:05:05 GMT https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654347#M422788 gaganbatra 2006-10-04T20:05:05Z https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654348#M422789 <HTML><HEAD></HEAD><BODY><P>Thanks for hte response. </P><P></P><P>Yes, I do have a modem. Why would I use the "no exec" command?</P><P></P><P>Thanks</P></BODY></HTML> Wed, 04 Oct 2006 20:43:25 GMT https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654348#M422789 meinanut1 2006-10-04T20:43:25Z https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654349#M422790 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P> The no exec command allows you to disable the EXEC process for connections which may attempt to send unsolicited data to the router. (For example, the control port of a rack of modems attached to an auxiliary port of router.) When certain types of data are sent to a line connection, an EXEC process can start, which makes the line unavailable. </P><P></P><P>Thanks</P><P>Gagan</P></BODY></HTML> Fri, 06 Oct 2006 13:45:58 GMT https://community.cisco.com/t5/network-access-control/aaa-issue/m-p/654349#M422790 gaganbatra 2006-10-06T13:45:58Z