Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
374
Views
0
Helpful
1
Replies

acs secondary not authenticating

jhill
Level 1
Level 1

‎09-25-2015 09:47 AM - edited ‎03-10-2019 11:05 PM

We have 2 ACS 5.5 servers in a deployment.  There are internal users created which use LDAP for their password auth. The internal users are mapped to device groups.  The primary ACS will auth without issues but we get access denied with these errors from the AAA diags on the secondary:  failed to accept TACACS+ client connection | code 13009 | Details: Device IP Address= :: device port =0

Any help would be welcome.  THanks!

Labels:
0 Helpful
1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

‎09-28-2015 12:42 PM

Hi,

If you point the user working on primary to secondary, does the same user face the same issue or you are seeing these logs on the secondary but the users work fine? Would need to review the support bundle collected from the secondary. Might need to enable debugs to get more details while you are getting these message. It seems you are getting illegitimate TACACS requests towards secondary ACS.

Regards,

Kanwal

Note: Please mark answers if they are helpful.

0 Helpful
Customers Also Viewed These Support Documents