cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
0
Helpful
1
Replies

acs secondary not authenticating

jhill
Level 1
Level 1

We have 2 ACS 5.5 servers in a deployment.  There are internal users created which use LDAP for their password auth. The internal users are mapped to device groups.  The primary ACS will auth without issues but we get access denied with these errors from the AAA diags on the secondary:  failed to accept TACACS+ client connection | code 13009 | Details: Device IP Address= :: device port =0

Any help would be welcome.  THanks!

1 Reply 1

Kanwaljeet Singh
Cisco Employee
Cisco Employee

Hi,

If you point the user working on primary to secondary, does the same user face the same issue or you are seeing these logs on the secondary but the users work fine? Would need to review the support bundle collected from the secondary. Might need to enable debugs to get more details while you are getting these message. It seems you are getting illegitimate TACACS requests towards secondary ACS.

Regards,

Kanwal

Note: Please mark answers if they are helpful.