cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1658
Views
0
Helpful
5
Replies
Highlighted

Resolved: ACS4.2 ssh fails but telnet OK for same user


An ACS Internal DB user cannot ssh to a 3750 switch but telnet works fine.

Authentication method is TACACS+
Other users in the same ACS user group as the problem user can both ssh and telnet to this switch OK.

Debug on the switch shows:

TPLUS: Received authen response status FAIL (3)

The ACS Failed Attempts log shows

ACS password invalid

The ACS Auth.log shows

E 3306 4384 0x27e2 Plain DB pass check for <username> failed"

for the failed username.

The 3750 switch is running 12.2(44)SE6
ACS is 4.2.0.124p11

Really puzzling that telnet using exact same user/password works fine.
Does anyone have any clues/pointers?
TIA, Graeme

Everyone's tags (3)
5 REPLIES 5
Highlighted

Re: ACS4.2 ssh fails but telnet OK for same user


An ACS Internal DB user cannot ssh to a 3750 switch but telnet works fine.

Authentication method is TACACS+
Other users in the same ACS user group as the problem user can both ssh and telnet to this switch OK.

Debug on the switch shows:

TPLUS: Received authen response status FAIL (3)

The ACS Failed Attempts log shows

ACS password invalid

The ACS Auth.log shows

E 3306 4384 0x27e2 Plain DB pass check for failed"

for the failed username.

The 3750 switch is running 12.2(44)SE6
ACS is 4.2.0.124p11

Really puzzling that telnet using exact same user/password works fine.
Does anyone have any clues/pointers?
TIA, Graeme

Hi Graeme,

For ssh connection with switch your switches should haev cryptographic image with K9 in ios,then only you can ssh the switch.

Hope to Help !!

Ganesh.H

Remember to rate the helpful post

Highlighted

Re: ACS4.2 ssh fails but telnet OK for same user

Ganesh,  thanks for taking the time to respond but it doesn't help at all...

> Other users in the same ACS user group as the problem user can both ssh and telnet to this switch OK.

Highlighted
Enthusiast

Re: ACS4.2 ssh fails but telnet OK for same user

Try removing the user from ACS and re-adding it.

Also, does the user have any special characters in its password? If so, try changing it to something using just letters and numbers, as a troubleshooting step.

Re: ACS4.2 ssh fails but telnet OK for same user

The password has a mix of upper case lower case and numbers - no special characters. I resolved by re-entering the same password into ACS. Strange.

Highlighted
Enthusiast

Re: ACS4.2 ssh fails but telnet OK for same user

This suggests possible corruption in the ACS database.