Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
582
Views
2
Helpful
8
Replies

AAA

liram2307
Level 1
Level 1

‎02-12-2025 02:12 AM - edited ‎02-12-2025 02:13 AM

Hi, in my packet tracer im trying to make aaa authentication + ssh/telnet. 
i have a big project, 3 branches, bgp , asa and so on..
in one branch it works good but in another branch it doesnt work correctly as it should be, i'v tried everything i know, but it doesnt recognize the aaa users and not even the local ones.. i can ping the aaa server. 

in the pkt.file, its "סניף אילת" which is the right one between the 3 branches  (clusters). 

the middle branch "סניף חיפה" is working as it should. 

Labels:
AAA+SSH project.zip
0 Helpful
8 Replies 8

Flavio Miranda
VIP
VIP

‎02-12-2025 02:26 AM

@liram2307 

Which device are you trying to access using ssh and from what PC? 

0 Helpful

liram2307
Level 1
Level 1
In response to Flavio Miranda

‎02-12-2025 02:29 AM

Hi, forgot to mention it. from router RB-C-ELT, through the gig0/0 (tried loopback 0), and from any pc in the branch. 

0 Helpful

Flavio Miranda
VIP
VIP
In response to liram2307

‎02-12-2025 02:43 AM

I dont see any tacacs configuration on the router. Not sure if I am looking the right place. 

https://www.cisco.com/c/pt_br/support/docs/security-vpn/terminal-access-controller-access-control-system-tacacs-/10368-basictacacs.html

 

0 Helpful

liram2307
Level 1
Level 1
In response to Flavio Miranda

‎02-12-2025 02:49 AM

oops, sry wrong pkt file, here is the updated one. 
and here is an img shows what router + server

liram2307_0-1739357374859.png

 

AAA+SSH project.zip
0 Helpful

Flavio Miranda
VIP
VIP
In response to liram2307

‎02-12-2025 10:02 AM - edited ‎02-12-2025 10:02 AM

@liram2307 

  One problem I saw is that you have 10.1.1.254 on both routers, this can cause problem when tacacs server will reply. 

 But, this is not enough to make it work.  There is something else and I could not identify. This configuration is pretty straitforwad and yours is pretty much ok. I am wondering is there is any issue if the router or the packetrracer for this particular config. You may want to test in a small topology with another router model just to make sure. 

liram2307
Level 1
Level 1
In response to Flavio Miranda

‎02-12-2025 10:21 AM

hi, i somehow made it work.. i just did it over and over again and it works now.. i dont know why it didnt work before but as long as it works i will not touch it, hehe. thanks for the help anyways! have a wonderful day!

zsgbrt4
Level 1
Level 1

‎02-14-2025 10:27 AM - edited ‎02-18-2025 10:02 AM

Check AAA configs on סניף אילת:

  1. Ensure correct AAA authentication method (aaa authentication login default group radius local).
  2. Verify radius server settings (IP, shared secret, ports). Spotify MOD
  3. Confirm VTY line authentication (login authentication default).
  4. Check routing/firewall rules between the branch and AAA server.

Since סניף חיפה works, compare its configuration with סניף אילת to spot differences. Let me know if you need further debugging steps!

0 Helpful

liram2307
Level 1
Level 1
In response to zsgbrt4

‎02-14-2025 10:39 AM

hi, i'v managed to make it work as i wrote before. ty for your time!

0 Helpful
Customers Also Viewed These Support Documents