https://community.cisco.com/t5/network-security/unable-to-access-acs/m-p/1878474#M936943 <P>Good day,</P><P></P><P>We are having an issue with a couple of switches we have daisy chained off of each other. We have a 2960 8 port going to a 2950 24 port then to our core switch a 6507. The problem is we cannot authenticate to the ACS server attached to the 6507 from the 2960. We can however authenticate to the ACS from the 2950. We do have similar setups like this in different parts of our network that work. I have compared the configurations from theses switches and nothing stand out. </P><P></P><P>2960</P><P>G0/8 trunk allowed vlan 59,3300</P><P>switchport mode trunk</P><P></P><P>connect to </P><P></P><P>2950 </P><P>G0/1 trunk allowed vlan 59,3300</P><P>switchport mode trunk</P><P></P><P>connect to </P><P></P><P>6507</P><P></P><P>Any help would be appreciated.</P><P></P><P>humv</P> Fri, 21 Feb 2020 12:32:42 GMT Stacey Hummer 2020-02-21T12:32:42Z https://community.cisco.com/t5/network-security/unable-to-access-acs/m-p/1878474#M936943 <P>Good day,</P><P></P><P>We are having an issue with a couple of switches we have daisy chained off of each other. We have a 2960 8 port going to a 2950 24 port then to our core switch a 6507. The problem is we cannot authenticate to the ACS server attached to the 6507 from the 2960. We can however authenticate to the ACS from the 2950. We do have similar setups like this in different parts of our network that work. I have compared the configurations from theses switches and nothing stand out. </P><P></P><P>2960</P><P>G0/8 trunk allowed vlan 59,3300</P><P>switchport mode trunk</P><P></P><P>connect to </P><P></P><P>2950 </P><P>G0/1 trunk allowed vlan 59,3300</P><P>switchport mode trunk</P><P></P><P>connect to </P><P></P><P>6507</P><P></P><P>Any help would be appreciated.</P><P></P><P>humv</P> Fri, 21 Feb 2020 12:32:42 GMT https://community.cisco.com/t5/network-security/unable-to-access-acs/m-p/1878474#M936943 Stacey Hummer 2020-02-21T12:32:42Z https://community.cisco.com/t5/network-security/unable-to-access-acs/m-p/1878475#M936944 <HTML><HEAD></HEAD><BODY><P>In such cases I find it useful to see if the packets are actually arriving at the ACS server. If you're running ACS on Windows, it's pretty simple to load Wireshark, start a capture and watch for the packets coming in during a failed authentication attempt. </P><P></P><P>I'm assuming you verified the obvious like the device's management IP being correctly entered and the tacacs key matching.</P><P></P><P>Common issues include:</P><P></P><P>a. the device sourcing from other than the expected IP address and thus not matching its definition in ACS. This can be fixed by either changing the device definition on ACS or using "ip tacacs source-interface" command on the switch.</P><P></P><P>b. the packets not arriving at all from the source device. This is usually caused by a network configuration error. </P><P></P><P>You can also debug tacacs on the switch while you try to authenticate to your ACS server.</P></BODY></HTML> Fri, 27 Jan 2012 23:42:58 GMT https://community.cisco.com/t5/network-security/unable-to-access-acs/m-p/1878475#M936944 Marvin Rhoads 2012-01-27T23:42:58Z