Once I used a router (3660)for dail-in with ACS and RSA,then I am going to take the 2611 over 3660,and the configure are basicly the same. But I can not dail-in with token,and on the ACS I found this message:cached token rejected/expired.However if I dial-in with the ACS local database I can dail-in succesfully.
Any one get this issue?
Sorry for my poor English.
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authentication ppp default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization network default group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 0 default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa session-id common
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
ip tcp synwait-time 10
!
interface Group-Async1
ip unnumbered Loopback0
encapsulation ppp
ip tcp header-compression
no ip mroute-cache
no logging event link-status
async default routing
async mode interactive
peer default ip address pool ipGroup-1
ppp authentication chap one-time
group-range 33 48
!