10-28-2010 12:59 AM - edited 03-10-2019 05:31 PM
I have an ACS 5.0 and a C5940 router that tried to authenticate to it. When I turn on debug tacacs, the router displays "write to 11.1.1.5 failed with errno 257((ENOTCONN))". The connectivity is OK but the request doesn't arrive at the ACS; the other devices work OK with the same configuration. I need to know if there is a solution for this issue. Why am I facing the issue with the TACACS+ config alone, whereas RADIUS is working fine for the same device?
Thanks for your help,
10-28-2010 02:14 AM
Hi,
The issue can be due to single-connection. Disable it if you have that enabled.
Regards,
~JG
10-28-2010 02:57 AM
Hi,
I have not enabled it.
I am getting these messages when I turned on TACACS+ debug on the router:
*Mar 1 21:31:58.654: AAA/AUTHEN/START (4071980044): Method=tacacs+ (tacacs+)
*Mar 1 21:31:58.654: TAC+: send AUTHEN/START packet ver=192 id=-222987252
*Mar 1 21:31:58.654: TAC+: Using default tacacs server-group "tacacs+" list.
*Mar 1 21:31:58.654: TAC+: Opening TCP/IP to 11.1.1.5/49 timeout=60
*Mar 1 21:31:58.658: TAC+: TCP/IP open to 11.1.1.5/49 failed -- Connection refused by remote host
*Mar 1 21:31:58.658: AAA/AUTHEN (4071980044): status = ERROR
*Mar 1 21:31:58.658: AAA/AUTHEN/START (4071980044): Method=ENABLE
*Mar 1 21:31:58.658: AAA/AUTHEN (4071980044): status = GETPASS
5940router#
*Mar 1 21:32:00.454: AAA/AUTHEN/CONT (4071980044): continue_login (user='(undef)')
Thanks
kanchana
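Added example (not part of the thread, and not Cisco code): a small Python script that triages the debug output posted above, showing that the failure happens at TCP connect, before any TACACS+ exchange, and that the login then falls back to the ENABLE method. The function name `triage` and the result field names are chosen here for illustration.

```python
import re

# Debug lines copied from the post above (terminal-wrapped lines rejoined).
SAMPLE = """\
*Mar 1 21:31:58.654: AAA/AUTHEN/START (4071980044): Method=tacacs+ (tacacs+)
*Mar 1 21:31:58.654: TAC+: send AUTHEN/START packet ver=192 id=-222987252
*Mar 1 21:31:58.654: TAC+: Opening TCP/IP to 11.1.1.5/49 timeout=60
*Mar 1 21:31:58.658: TAC+: TCP/IP open to 11.1.1.5/49 failed -- Connection refused by remote host
*Mar 1 21:31:58.658: AAA/AUTHEN (4071980044): status = ERROR
*Mar 1 21:31:58.658: AAA/AUTHEN/START (4071980044): Method=ENABLE
*Mar 1 21:31:58.658: AAA/AUTHEN (4071980044): status = GETPASS
"""

START = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
TCP_FAIL = re.compile(r"TAC\+: TCP/IP open to (\S+)/(\d+) failed -- (.+)")


def _new():
    return {"methods": [], "statuses": [], "tcp_failures": []}


def triage(text):
    """Summarise each AAA session id found in IOS 'debug aaa/tacacs' output."""
    sessions, current = {}, None
    for line in text.splitlines():
        if m := START.search(line):
            current = sessions.setdefault(m.group(1), _new())
            current["methods"].append(m.group(2))
        elif m := STATUS.search(line):
            sessions.setdefault(m.group(1), _new())["statuses"].append(m.group(2))
        elif (m := TCP_FAIL.search(line)) and current is not None:
            # TAC+ lines carry no session id; attribute them to the latest START.
            current["tcp_failures"].append(
                (m.group(1), int(m.group(2)), m.group(3).strip()))
    for s in sessions.values():
        # Transport failure: the TCP connect failed, so no TACACS+ packet was exchanged.
        s["transport_failure"] = bool(s["tcp_failures"])
        # Fallback: a method ended in ERROR and another method was started.
        s["fell_back"] = "ERROR" in s["statuses"] and len(s["methods"]) > 1
    return sessions


if __name__ == "__main__":
    for sid, s in triage(SAMPLE).items():
        print(sid, s)
```

A session flagged with both `transport_failure` and `fell_back` was authenticated by the fallback method rather than by the AAA server, which is worth alerting on in its own right.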
10-28-2010 12:35 PM
Could you check if ACS is reachable from the router? Are there any other devices between ACS and the router? It seems port 49 is not responding. Also check the access policy on ACS to see the hit counts.
11-03-2010 06:41 AM
Yes the router is reachable...
Also, I tried a sniffer on the network and confirmed that client/router is sending traffic to port 49 on ACS. ACS does not send to port 49 on client but to the source port for the original message.
In fact, I checked on another router with the same configuration and am facing the same issue.
Please, someone help me.
Router: C5940 Software (C5940-ADVENTERPRISEK9-M), - Version 12.4
Thanks
kanchana
11-16-2010 10:02 AM
Had the same problem. Just needed to use the ip tacacs source-interface command and source the packets from my loopback so they weren't coming from the serial.
09-02-2018 09:48 AM