04-14-2012 11:23 PM - edited 03-10-2019 07:00 PM
Hello,
We have a setup of AAA Cisco ACS 4.2 and have noticed unusual behaviour of authentication.
When the user tries to authenticate using an unknown username and password, the first time it will say fail and prompt for the enable password.
But if the user is correct and the password is not correct, it asks for the username and password again.
Can anyone help?
04-15-2012 09:25 AM
Could you please post the router/switch configuration (at least the AAA relevant portions), and console output with the following debugs enabled:
debug aaa authentication
debug tacacs (or debug radius, depending on what protocol you're using)
04-15-2012 09:20 PM
Hi Javier,
Here is the config:
aaa group server tacacs+ TACSRV
aaa authentication login default group TACSRV enable
aaa authentication login console none
aaa accounting exec default start-stop group TACSRV
aaa session-id common
I cannot see anything unusual in the debug.
Do you want me to paste the debug output also?
04-15-2012 10:48 PM
OK, thank you. I got the answer.
tacacs-server timeout 30
The default is 5 sec, due to which it thinks the ACS server is not reachable and prompts for the enable password as per my config.
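An added example, not part of the thread and not Cisco code: a simplified model of how the login method list `group TACSRV enable` is walked, showing why a reply that arrives after the timeout ends at the enable prompt while a prompt rejection does not. The function names and latency values are constructed assumptions, including the assumption that the ACS answered slowly for unknown usernames.

```python
# Added example: simplified model of how an IOS login method list is walked.
# Latency figures used with it are constructed sample values, not measurements.
from enum import Enum


class Result(Enum):
    PASS = "pass"
    FAIL = "fail"    # server answered and rejected: final, no fall-through
    ERROR = "error"  # no answer within the timeout: try the next method


def tacacs_method(reply_after_s, verdict, timeout_s):
    """Hypothetical TACACS+ group: ERROR if the reply arrives after the timeout."""
    return Result.ERROR if reply_after_s > timeout_s else verdict


def login_prompt(methods):
    """Walk the method list in order; only ERROR advances to the next method.

    Returns a description of what the user sees next.
    """
    for name, outcome in methods:
        if name == "enable":
            # Fallback reached: only the local enable password is checked.
            return "enable password prompt"
        if outcome is Result.PASS:
            return "logged in"
        if outcome is Result.FAIL:
            return "username/password prompt again"
        # Result.ERROR: server treated as unreachable, continue down the list.
    return "access denied"


def simulate(reply_after_s, verdict, timeout_s):
    """Model 'aaa authentication login default group TACSRV enable'."""
    methods = [
        ("group TACSRV", tacacs_method(reply_after_s, verdict, timeout_s)),
        ("enable", None),
    ]
    return login_prompt(methods)


if __name__ == "__main__":
    # Constructed cases: a slow rejection at the 5 s default, then at 30 s.
    print(simulate(8, Result.FAIL, 5))   # falls through to enable
    print(simulate(8, Result.FAIL, 30))  # rejection is honoured
```

With the timeout raised to 30, the slow rejection is treated as a FAIL, so the enable fallback is reached only when the server really does not answer.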