Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
495
Views
0
Helpful
2
Replies

TACACS Problem on CSS

joerg.micheel
Level 1
Level 1

‎09-05-2006 02:12 AM

Dear ALL,

we have some trouble with TACACS on the CSS. We have configured all relevant stuff on the box, but we will receive no successfull replay from the Server, when we use our RADIUS Server then the reply will be done very nice and successfully. The Setup is the easiest way the Server will be in the same subnet as the CSS. ANy hints or tricks ?

The log from CSS is this :

SEP 5 02:59:28 1/1 9 SECURITY-7: SECMGR:SecurityAuth:Request from 0x00004b07

SEP 5 02:59:28 1/1 10 SECURITY-7: SECMGR:SecurityMgrProc:Try Primary

SEP 5 02:59:28 1/1 11 SECURITY-7: Security Manager sending error 7 reply to caller 1c01

SEP 5 02:59:28 1/1 12 SECURITY-7: SECMGR:SecurityMgrProc:Try Secondary

SEP 5 02:59:28 1/1 13 SECURITY-7: Security Manager sending error 7 reply to caller 1c01

SEP 5 02:59:28 1/1 14 SECURITY-7: SECMGR:SecurityMgrProc:Try Tertiary

SEP 5 02:59:28 1/1 15 SECURITY-7: Security Manager sending success 0 reply to caller 1c01

SEP 5 02:59:28 1/1 16 SECURITY-7: SECMGR:SecurityMgrProc:Try Done, Send 0x00004b07

SEP 5 03:00:01 1/1 17 NETMAN-6: Session logged out due to idle timer

SEP 5 03:03:10 1/1 18 SECURITY-7: SECMGR:SecurityAuth:Request from 0x00004b09

SEP 5 03:03:10 1/1 19 SECURITY-7: SECMGR:SecurityMgrProc:Try Primary

SEP 5 03:03:10 1/1 20 SECURITY-7: Security Manager sending error 7 reply to caller 1c01

SEP 5 03:03:10 1/1 21 SECURITY-7: SECMGR:SecurityMgrProc:Try Secondary

SEP 5 03:03:10 1/1 22 SECURITY-7: Security Manager sending error 7 reply to caller 1c01

SEP 5 03:03:10 1/1 23 SECURITY-7: SECMGR:SecurityMgrProc:Try Tertiary

SEP 5 03:03:10 1/1 24 SECURITY-7: Security Manager sending success 0 reply to caller 1c01

SEP 5 03:03:10 1/1 25 SECURITY-7: SECMGR:SecurityMgrProc:Try Done, Send 0x00004b09

SEP 5 03:03:41 1/1 26 NETMAN-6: Session logged out due to idle timer

Labels:
0 Helpful
2 Replies 2

pknoops
Level 3
Level 3

‎09-07-2006 05:03 AM

HI Joerg,

Are you trying to have CSS logins authenticate through TACACS ? If so, can you paste a the important part of the TACACS CSS config here for a review ?

Thanks

Pete..

0 Helpful

joerg.micheel
Level 1
Level 1
In response to pknoops

‎09-08-2006 12:54 AM

Hi There,

here are the config.

we Have also tried with the quoted text password. Decrypted and encrypted. Nothing helps. Thx for a solution

virtual authentication primary tacacs

virtual authentication secondary local

cdp run

logging subsystem security level debug-7

logging subsystem netman level info-6

tacacs-server 192.168.0.5 49

tacacs-server authorize config

tacacs-server key testsecret

0 Helpful
Customers Also Viewed These Support Documents