Authentication Failure (did not match AAA client) ACS 5.0

ciscoguy · ‎12-15-2010

Dear All,

I am using ACS 5.0 version. Devices cannot able to access ACS If I am creating /32 IP device(AAA Client) address in the ACS.

When I define subnet for the device e.g. /24 then all devices in the same subnet will start working.

Why single IP address of the devices are not working? I am getting the following logs when use /32 IP address:

Failure Reason > Authentication Failure Reason Lookup
Failure Reason :

13017 Received TACACS+ packet from unknown Network Device or AAA Client
Generated on:December 15, 2010 10:48:36 AM UTC

Description

A TACACS+ packet was received with a source IP Address that did not match any configured Network Device or AAA Client

Resolution Steps

Verify that the Network Device or AAA client is configured in Network Resources > Network Devices and AAA Clients >

Is this is version bug? Should I go to 5.1 ver?

Regards,

Anser

Nicolas Darchis · ‎12-15-2010

Hi,

when you say you configure a /32, do you configure an ip range with a mask of /32 ? or do you configure a "single ip address" ?

Can you send a screenshot of your non-working aaa device config ?

What patch level do you have on acs 5.0 ?

Thanks,

Nicolas

===

Don't forget to rate answers that you find useful

Muhammad Anser Khan · ‎12-15-2010

Problem is solved. The problem was not with ACS. There was a firewall between ACS and a client which was doing NATing for the reverse traffic

Whereas I have installed the patch 9. But I am planning to upgrade version 5.0 to 5.1.

Regards,

Anser