10-04-2006 11:06 AM - edited 03-10-2019 02:46 PM
I'm having a strange problem with a few routers sending invalid characters to my TACACS server. Example is it's trying to authenticate part of the banner.
Here's the aaa config and part of the debug.
aaa new-model
aaa authentication login default group tacacs+ line
aaa authentication login no_tacacs enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ if-authenticated
aaa authorization commands 1 default group tacacs+ if-authenticated
aaa authorization commands 15 default group tacacs+ if-authenticated
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
DEBUG:
Oct 4 18:50:30.842: AAA/MEMORY: free_user (0x6364C220) user='NULL' ruser='NULL' port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1
Oct 4 18:50:33.842: AAA: parse name=tty0 idb type=-1 tty=-1
Oct 4 18:50:33.842: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Oct 4 18:50:33.842: AAA/MEMORY: create_user (0x63588100) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'
Oct 4 18:50:34.594: AAA/MEMORY: free_user_quiet (0x63588100) user='expressly consents to ' ruser='NULL' port='tty0' rem_addr='async' authen_type=1 service=1 priv=1
Oct 4 18:50:34.594: AAA: parse name=tty0 idb type=-1 tty=-1
Oct 4 18:50:34.594: AAA: name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Oct 4 18:50:34.594: AAA/MEMORY: create_user (0x6364ECAC) user='NULL' ruser='NULL' ds0=0 port='tty0' rem_addr='async' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'name=tty0 flags=0x11 type=4 shelf=0 slot=0 adapter=0 port=0 channel=0
Thanks for any info...
10-04-2006 01:05 PM
Hi,
Do we have a modem attached to this router if so please remove it and check its configurations.
Please enter "no exec" command under aux port.
Let me know if this helps.
Thanks
Gagan
10-04-2006 01:43 PM
Thanks for hte response.
Yes, I do have a modem. Why would I use the "no exec" command?
Thanks
10-06-2006 06:45 AM
Hi,
The no exec command allows you to disable the EXEC process for connections which may attempt to send unsolicited data to the router. (For example, the control port of a rack of modems attached to an auxiliary port of router.) When certain types of data are sent to a line connection, an EXEC process can start, which makes the line unavailable.
Thanks
Gagan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide