
AS5850's not allowing me to use aaa

m.montenegro
Level 1

hi everyone,

i have a problem getting the access servers (AS5850's and AS5550's) to work using aaa authentication. anytime i add in the aaa configuration i am able to ping but not telnet using my user/password.

the following is a template of commands i use for all devices.

aaa new-model

aaa authentication banner ^CC Unauthorized use is Prohibited ^C

aaa authentication fail-message ^CC Failed Login ^C

aaa authentication login default group tacacs+ local none

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated


Richard Burts
Hall of Fame

You have not provided enough information to allow us to diagnose the issue.

- In the config how is the tacacs host configured and how is the tacacs password configured?

- After you attempt to telnet do you get the "failed login" error message?

- What are the results of doing show tacacs on the router?

- Are you sure that your user name and password are correctly defined in tacacs and are you sure that your id in tacacs is set up to have access to these devices?

- Have you run debug tacacs authentication? and if so what results did debug produce?

When we know these things we will be in a much better position to answer your problem.

HTH

Rick

ok,

these are the lines i use for all my devices and they work perfectly, but when i try the same config on the 2611SLT's and the 3745 gatekeepers it doesn't even give me a user name and password prompt but i am able to ping it from my tacacs server.

aaa new-model

aaa authentication banner ^CC Unauthorized use is Prohibited ^C

aaa authentication fail-message ^CC Failed Login ^C

aaa authentication login default group tacacs+ local none

aaa authentication enable default group tacacs+ line enable none

aaa authorization exec default group tacacs+ if-authenticated

Tacacs-server host *.*.*.*

Tacacs-server key *********

the fact that there is no prompt for username or password may be a clue.

Could you post the configuration of the vty ports?

In particular I am interested in: is exec or no exec configured; is there an access-class configured; is a password configured; is there a particular transport configured.

HTH

Rick
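
The vty checks asked for in the last reply (exec or no exec, access-class, password, transport), as an added example that is not part of the thread: it parses IOS configuration text and lists, per vty range, the settings that can keep a Telnet session from reaching a username prompt. The sample config is constructed, and the function names `audit` and `telnet_blockers` are hypothetical.

```python
import re

# Constructed sample (not from the thread): the login method list from the
# post plus hypothetical vty lines with settings the reply asks about.
SAMPLE = """\
aaa new-model
aaa authentication login default group tacacs+ local none
line vty 0 4
 access-class 10 in
 transport input ssh
line vty 5 15
 no exec
 password 7 0000
"""

def audit(config):
    """Return (login method lists, per-vty settings) from IOS config text."""
    methods, vty, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication login (\S+) (.+)", line)
        if m:
            methods[m.group(1)] = m.group(2).split()
        if raw[:1].strip():  # non-indented line: a new top-level section
            m = re.match(r"line vty \d+(?: \d+)?$", line)
            cur = m.group(0) if m else None
            if cur:
                vty[cur] = {"exec": True, "access_class": None,
                            "password": False, "transport": None}
        elif cur and line == "no exec":
            vty[cur]["exec"] = False
        elif cur and re.match(r"access-class \S+ in$", line):
            vty[cur]["access_class"] = line.split()[1]
        elif cur and line.startswith("password "):
            vty[cur]["password"] = True
        elif cur and line.startswith("transport input "):
            vty[cur]["transport"] = line.split()[2:]
    return methods, vty

def telnet_blockers(s):
    """Settings on one vty range that can keep Telnet from reaching a prompt."""
    out = []
    if not s["exec"]:
        out.append("no exec")
    if s["transport"] is not None and not {"telnet", "all"} & set(s["transport"]):
        out.append("transport input " + " ".join(s["transport"]))
    if s["access_class"]:
        out.append("access-class " + s["access_class"] + " in")
    return out
```

The returned method lists also expose the trailing `none` in the posted template: with `none` as the last method, a login is accepted without authentication when every earlier method returns an error rather than a reject.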