https://community.cisco.com/t5/wireless/wlc-2504-with-tacacs-net-aaa-not-working/m-p/3705842#M5464 <P>Hi guys</P> <P>&nbsp;</P> <P>I have a problem where my wlc will not authenticate via tacacs.net , the server is reachable from the controller and Authentication, Accounting and Authorization has been setup and enabled on the WLC priority is Tacacs/Local.&nbsp; On the tacacs server we have an entry for the whole management network and our switches and routers work just fine with no issue. Tacacs.net version 1.31</P> <P>When we test and do a packet capture on the firewall we can see packet towards the server but nothing back, just strange that switches would work and not the WLC, see debug below.</P> <P>&nbsp;</P> <P>Thanks in Advanced</P> <P>&nbsp;</P> <P>(Cisco Controller) &gt;*aaaQueueReader: Sep 12 12:30:19.075: AuthenticationRequest: 0x2c618510<BR /><BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; Callback.....................................0x114d0740<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; protocolType.................................0x00020030<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; proxyState...................................00:00:0B:DF:00:00-00:00<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; Packet contains 5 AVPs (not shown)<BR /><BR />*tplusTransportThread: Sep 12 12:30:19.176: Selected Tplus server xx.xx.xx (port:49, fd:0) to send the message<BR />*tplusTransportThread: Sep 12 12:30:19.177: Setup the Tplus socket for server xx.xx.xx.xx (port:49)<BR />*tplusTransportThread: Sep 12 12:30:19.177: Connecting to tacacs server xx.xx.xx on port=49 on sockFd= 76<BR />*tplusTransportThread: Sep 12 12:30:19.177: Tplus server (xx.xx.xx.xx) start polling for 5sec<BR />*tplusTransportThread: Sep 12 12:30:24.176: Tplus server (xx.xx.xx.xx) connect timeout: 150:Operation now in progress<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to setup the Tplus socket for server xx.xx.xx.xx!<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send the Tplus message to xx.xx.xx.xx(port:49, fd:76)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: None of the Tplus Auth servers (Tx Tried Cnt:1) are responding. Drop the auth request(session_id:0, seq_no:1)! <BR />*tplusTransportThread: Sep 12 12:30:24.177: ReProcessAuthentication previous proto 30, next proto 20008<BR />*tplusTransportThread: Sep 12 12:30:24.177: Unable to find requested user entry for john<BR />*tplusTransportThread: Sep 12 12:30:24.177: 00:00:0b:df:00:00 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:00:0b:df:00:00<BR />*tplusTransportThread: Sep 12 12:30:24.177: AuthorizationResponse: 0x2bdd8c84<BR /><BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; structureSize................................92<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; resultCode...................................-4<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; protocolUsed.................................0x00000008<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; proxyState...................................00:00:0B:DF:00:00-00:00<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; Packet contains 0 AVPs:</P> Mon, 05 Jul 2021 16:10:45 GMT ryno.robile1 2021-07-05T16:10:45Z https://community.cisco.com/t5/wireless/wlc-2504-with-tacacs-net-aaa-not-working/m-p/3705842#M5464 <P>Hi guys</P> <P>&nbsp;</P> <P>I have a problem where my wlc will not authenticate via tacacs.net , the server is reachable from the controller and Authentication, Accounting and Authorization has been setup and enabled on the WLC priority is Tacacs/Local.&nbsp; On the tacacs server we have an entry for the whole management network and our switches and routers work just fine with no issue. Tacacs.net version 1.31</P> <P>When we test and do a packet capture on the firewall we can see packet towards the server but nothing back, just strange that switches would work and not the WLC, see debug below.</P> <P>&nbsp;</P> <P>Thanks in Advanced</P> <P>&nbsp;</P> <P>(Cisco Controller) &gt;*aaaQueueReader: Sep 12 12:30:19.075: AuthenticationRequest: 0x2c618510<BR /><BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; Callback.....................................0x114d0740<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; protocolType.................................0x00020030<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; proxyState...................................00:00:0B:DF:00:00-00:00<BR /><BR />*aaaQueueReader: Sep 12 12:30:19.075:&nbsp;&nbsp; Packet contains 5 AVPs (not shown)<BR /><BR />*tplusTransportThread: Sep 12 12:30:19.176: Selected Tplus server xx.xx.xx (port:49, fd:0) to send the message<BR />*tplusTransportThread: Sep 12 12:30:19.177: Setup the Tplus socket for server xx.xx.xx.xx (port:49)<BR />*tplusTransportThread: Sep 12 12:30:19.177: Connecting to tacacs server xx.xx.xx on port=49 on sockFd= 76<BR />*tplusTransportThread: Sep 12 12:30:19.177: Tplus server (xx.xx.xx.xx) start polling for 5sec<BR />*tplusTransportThread: Sep 12 12:30:24.176: Tplus server (xx.xx.xx.xx) connect timeout: 150:Operation now in progress<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to setup the Tplus socket for server xx.xx.xx.xx!<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send the Tplus message to xx.xx.xx.xx(port:49, fd:76)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)<BR />*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server<BR />*tplusTransportThread: Sep 12 12:30:24.177: None of the Tplus Auth servers (Tx Tried Cnt:1) are responding. Drop the auth request(session_id:0, seq_no:1)! <BR />*tplusTransportThread: Sep 12 12:30:24.177: ReProcessAuthentication previous proto 30, next proto 20008<BR />*tplusTransportThread: Sep 12 12:30:24.177: Unable to find requested user entry for john<BR />*tplusTransportThread: Sep 12 12:30:24.177: 00:00:0b:df:00:00 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:00:0b:df:00:00<BR />*tplusTransportThread: Sep 12 12:30:24.177: AuthorizationResponse: 0x2bdd8c84<BR /><BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; structureSize................................92<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; resultCode...................................-4<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; protocolUsed.................................0x00000008<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; proxyState...................................00:00:0B:DF:00:00-00:00<BR /><BR />*tplusTransportThread: Sep 12 12:30:24.177:&nbsp;&nbsp;&nbsp;&nbsp; Packet contains 0 AVPs:</P> Mon, 05 Jul 2021 16:10:45 GMT https://community.cisco.com/t5/wireless/wlc-2504-with-tacacs-net-aaa-not-working/m-p/3705842#M5464 ryno.robile1 2021-07-05T16:10:45Z https://community.cisco.com/t5/wireless/wlc-2504-with-tacacs-net-aaa-not-working/m-p/3706570#M5465 <P>Ok, got it partially working. Last question has anybody successfully setup a Cisco WLC to use free Tacacs.net ? getting authentication error Do i need to setup roles how do i do this on tacacs.net ?</P> Thu, 13 Sep 2018 19:07:12 GMT https://community.cisco.com/t5/wireless/wlc-2504-with-tacacs-net-aaa-not-working/m-p/3706570#M5465 ryno.robile1 2018-09-13T19:07:12Z