Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2797
Views
0
Helpful
2
Replies

ACE 4710 A3(2.0) and ACS - TACACS+

Go to solution
olemariuss
Level 1
Level 1

‎08-17-2010 09:12 AM

Hi.

I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.

ACE 4710:

tacacs-server host 10.7.50.20 key 7 "fewhg"
aaa group server tacacs+ tacacs_server_group
    server 10.7.50.20
    deadtime 15
aaa authentication login default group tacacs_server_group local none
aaa accounting default group tacacs_server_group local
aaa authentication login error-enable

ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.

The strange part is what I see when I set up Wireshark on my ACS-server to look at the traffic. From what I can see, the ACE only sends a request to the AAA-server if the user exists locally. But I do not get authenticated and Failed Attempts show a line with with Message-Type: "Unknown NAS".

It seems like others have the same problem. The problem is that the link attacked in the topic beneath only leads me back to forum and not to a topic with solution.

https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445

Any help is appreciated and thanks in advance!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
litrenta
Level 3
Level 3

‎08-17-2010 11:23 AM

are you using telnet or ssh ?

if ssh can you try telnet, allow telent on your management policy to do this. Then if it works via telnet , then try ssh again, if it now works then you have hit CSCsu36078

http://tools.cisco.com/squish/03240

View solution in original post

0 Helpful
2 Replies 2

Go to solution
litrenta
Level 3
Level 3

‎08-17-2010 11:23 AM

are you using telnet or ssh ?

if ssh can you try telnet, allow telent on your management policy to do this. Then if it works via telnet , then try ssh again, if it now works then you have hit CSCsu36078

http://tools.cisco.com/squish/03240

0 Helpful

Go to solution
olemariuss
Level 1
Level 1
In response to litrenta

‎08-21-2010 05:54 AM

Thanks for answer. Also works great with accessing it through https first.:)

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card