I have an ACS 5.0 and a router C5940 that tried to authenticate against it. When I enable debug tacacs, the router displays "write to failed with errno 257((ENOTCONN))". The connectivity is OK but the request doesn't arrive at the ACS; the other devices work OK with the same configuration. I need to know if there is a solution for this issue. Why am I facing the issue only in the TACACS+ config, whereas RADIUS is working fine for the same device?

The issue can be due to single-connection. Disable it if you have that enabled.



I have not enabled it.

I am getting these messages when I turned on TACACS+ debug in the router:

*Mar  1 21:31:58.654: AAA/AUTHEN/START (4071980044): Method=tacacs+ (tacacs+)
*Mar  1 21:31:58.654: TAC+: send AUTHEN/START packet ver=192 id=-222987252
*Mar  1 21:31:58.654: TAC+: Using default tacacs server-group "tacacs+" list.
*Mar  1 21:31:58.654: TAC+: Opening TCP/IP to timeout=60
*Mar  1 21:31:58.658: TAC+: TCP/IP open to failed -- Connection refused by remote host
*Mar  1 21:31:58.658: AAA/AUTHEN (4071980044): status = ERROR
*Mar  1 21:31:58.658: AAA/AUTHEN/START (4071980044): Method=ENABLE
*Mar  1 21:31:58.658: AAA/AUTHEN (4071980044): status = GETPASS
*Mar  1 21:32:00.454: AAA/AUTHEN/CONT (4071980044): continue_login (user='(undef
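
An added example, not part of the original posts: a short Python triage of the debug output above that groups AAA lines by session id and reports where a method ended in ERROR and the login moved on to the next method (here from tacacs+ to ENABLE), along with the transport reason. Attributing TAC+ lines to the most recent AUTHEN/START is an assumption of this sketch, since those lines carry no session id.

```python
import re

# Debug lines copied from the post above (wrapped line rejoined; the server
# address is absent in the post and is left absent here).
SAMPLE = """\
*Mar  1 21:31:58.654: AAA/AUTHEN/START (4071980044): Method=tacacs+ (tacacs+)
*Mar  1 21:31:58.654: TAC+: send AUTHEN/START packet ver=192 id=-222987252
*Mar  1 21:31:58.654: TAC+: Opening TCP/IP to timeout=60
*Mar  1 21:31:58.658: TAC+: TCP/IP open to failed -- Connection refused by remote host
*Mar  1 21:31:58.658: AAA/AUTHEN (4071980044): status = ERROR
*Mar  1 21:31:58.658: AAA/AUTHEN/START (4071980044): Method=ENABLE
*Mar  1 21:31:58.658: AAA/AUTHEN (4071980044): status = GETPASS
"""

START = re.compile(r"AAA/AUTHEN/START \((\d+)\): Method=(\S+)")
STATUS = re.compile(r"AAA/AUTHEN \((\d+)\): status = (\w+)")
# Transport failures quoted in this thread: "open to ... failed -- <reason>" and
# "write to ... failed with errno N((NAME))". An address before "failed" is optional.
TRANSPORT = re.compile(r"(?:TCP/IP open|write) to .*?failed (?:-- |with )(.+)")

def triage(log):
    """Return one finding per method that errored and was followed by another method."""
    sessions = {}    # session id -> list of [method, status, transport_reason]
    current = None   # assumption: a TAC+ line belongs to the latest AUTHEN/START
    for line in log.splitlines():
        if m := START.search(line):
            current = [m.group(2), None, None]
            sessions.setdefault(m.group(1), []).append(current)
        elif (m := TRANSPORT.search(line)) and current:
            current[2] = m.group(1).strip()
        elif m := STATUS.search(line):
            attempts = sessions.get(m.group(1), [])
            if attempts and attempts[-1][1] is None:
                attempts[-1][1] = m.group(2)  # first status after START decides
    findings = []
    for sid, attempts in sessions.items():
        for (method, status, reason), nxt in zip(attempts, attempts[1:]):
            if status == "ERROR":
                findings.append({"session": sid, "failed_method": method,
                                 "reason": reason, "fell_back_to": nxt[0]})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with `fell_back_to` set means the device is authenticating logins without the AAA server, which is worth alerting on independently of the connectivity fault itself.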



Could you check if ACS is reachable from the router? Are there any other devices between ACS and the router? It seems port 49 is not responding. Also check the access policy on ACS to see the hit counts.

Yes the router is reachable...

Also, I tried a sniffer on the network and confirmed that the client/router is sending traffic to port 49 on ACS. ACS does not send to port 49 on the client but to the source port of the original message.

In fact, I checked on another router with the same configuration and am facing the same issue.

Please, someone help me.

Router:C5940 Software (C5940-ADVENTERPRISEK9-M), - Version 12.4



Had the same problem. Just needed to use the ip tacacs source-interface command and source the packets from my loopback so they weren't coming from the serial.

I had the same problem. At the TACACS server, make sure you're using the same key you used at the TACACS client.

(/etc/tacacs+/tac_plus.conf)

The key I had configured in tac_plus.conf was (key = cisco).

I just removed the spaces and the problem was gone (key=cisco).


Good luck :)