https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581360#M427736 <HTML><HEAD></HEAD><BODY><P>Hi Rick,</P><P></P><P>Thanks for your reply. The configs on the acs were fine and were checked multiple times. We restarted the acs service which resolved the issue for us along with the other routers with same issue with same acs.</P><P></P><P>Thank you</P><P>Prashant</P></BODY></HTML> Wed, 02 Apr 2008 04:36:38 GMT prashsin1 2008-04-02T04:36:38Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581356#M427732 <P>Tacacs not working on router. Here's the debug:</P><P>Feb 15 09:01:35: TPLUS: Queuing AAA Authentication request 56 for processing</P><P>Feb 15 09:01:35: TPLUS: processing authentication start request id 56</P><P>Feb 15 09:01:35: TPLUS: Authentication start packet created for 56()</P><P>Feb 15 09:01:35: TPLUS: Using server 10.67.3.68</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT/642887C4: Started 5 sec timeout</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: socket event 2</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/READ: Would block while reading</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/READ: errno 254</P><P>Feb 15 09:01:35: TPLUS(00000038)/0/642887C4: Processing the reply packet</P><P>Feb 15 09:01:45: TPLUS: Queuing AAA Authentication request 56 for processing</P><P>Feb 15 09:01:45: TPLUS: processing authentication start request id 56</P><P>Feb 15 09:01:45: TPLUS: Authentication start packet created for 56()</P><P>Feb 15 09:01:45: TPLUS: Using server 10.67.3.68</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT/658594B0: Started 5 sec timeout</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: socket event 2</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/READ: Would block while reading</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/READ: errno 254</P><P>Feb 15 09:01:45: TPLUS(00000038)/0/658594B0: Processing the reply packet</P><P>Any Ideas? </P><P>Any takers?</P> Sun, 10 Mar 2019 21:28:34 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581356#M427732 j-bliss 2019-03-10T21:28:34Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581357#M427733 <HTML><HEAD></HEAD><BODY><P>Jason</P><P></P><P>The device is sending a request and gets this:READ: errno 254 </P><P></P><P>Can you verify that the TACACS server has a correct definintion for this device?</P><P></P><P>It might be helpful if you would run debug tacacs packet and post its output.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Thu, 16 Feb 2006 19:41:44 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581357#M427733 Richard Burts 2006-02-16T19:41:44Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581358#M427734 <HTML><HEAD></HEAD><BODY><P>Hi Rick,</P><P></P><P>I am facing the same issue Jason mentioned. As you suggested him I am attaching the result of debug tacacs and cannot paste due to word limit. Please suggest.</P><P></P><P>Thanks</P><P>Prashant</P><P></P><P> </P><P></P></BODY></HTML> Tue, 01 Apr 2008 12:30:21 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581358#M427734 prashsin1 2008-04-01T12:30:21Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581359#M427735 <HTML><HEAD></HEAD><BODY><P>Prashant</P><P></P><P>I have looked at the file that you posted (which is the right way to get large amounts of information into a posting) and I believe that it is helpful. I see this type of error message quite a few times:</P><P>Apr 1 12:22:54.718: TAC+: Invalid AUTHOR/START packet (check keys).</P><P>Apr 1 12:22:54.718: TAC+: Closing TCP/IP 0x641C40B8 connection to 10.</P><P></P><P>I believe in particular the part that says (check keys) is a clue. I believe that it indicates that there is a mismatch between the configuration on the router and the configuration on the ACS server. Check the configuration of the ACS server to be sure that it has an entry for 10.127.0.202 remote client and make sure that the key configured on the server is the same as the key configured on the router (it might be best to reconfigure the keys just to be sure that they match).</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Tue, 01 Apr 2008 19:35:06 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581359#M427735 Richard Burts 2008-04-01T19:35:06Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581360#M427736 <HTML><HEAD></HEAD><BODY><P>Hi Rick,</P><P></P><P>Thanks for your reply. The configs on the acs were fine and were checked multiple times. We restarted the acs service which resolved the issue for us along with the other routers with same issue with same acs.</P><P></P><P>Thank you</P><P>Prashant</P></BODY></HTML> Wed, 02 Apr 2008 04:36:38 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581360#M427736 prashsin1 2008-04-02T04:36:38Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581361#M427737 <HTML><HEAD></HEAD><BODY><P>Prashant</P><P></P><P>Thank you for posting back to the forum indicating that you had resolved the issue and what you did that resolved the issue. It helps make the forum more useful when people can read about a problem and can read what was done that resolved the problem.</P><P></P><P>The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.</P><P></P><P>HTH</P><P></P><P>Rick</P></BODY></HTML> Wed, 02 Apr 2008 18:07:56 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581361#M427737 Richard Burts 2008-04-02T18:07:56Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581362#M427738 <HTML><HEAD></HEAD><BODY><P>hi ,</P><P></P><P>The same problem has become bigger one now.we have been restarting the services here and there to resolve the login issue.</P><P></P><P>But now every 4 - 5 hrs we have to restart the service.</P><P></P><P>We are using acs 4.1 ( two boxes for redundancy - with data replication)</P><P>Note : second box is not having any issues.</P><P> --is there any patch to be applied ?</P><P></P><P>error is as same as Prashant has posted above from the device.</P><P></P><P>1. we have more than 5000 + devices getting auth from this box.</P><P>2.Not all devices are having issues</P><P>3.randomly devices are having issues whilie logging in / processing commands</P><P></P><P>example : first two logins will fail third will be a success</P><P></P><P>can any one please help .........</P></BODY></HTML> Mon, 24 Aug 2009 13:13:23 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581362#M427738 rajivrajan1 2009-08-24T13:13:23Z https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581363#M427739 <HTML><HEAD></HEAD><BODY><P>Rajeev,</P><P>There are some known bugs on 4.1. I would suggest to upgrade it to 4.2 patch 12 and if you have single connect enabled, please disable it.</P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful post</P></BODY></HTML> Mon, 24 Aug 2009 13:40:14 GMT https://community.cisco.com/t5/network-access-control/tacacs-debug-message/m-p/581363#M427739 Jagdeep Gambhir 2009-08-24T13:40:14Z