06-23-2016 06:10 AM - edited 03-10-2019 11:53 PM
I have a large network consisting of around 300 layer 2 switches and 5 ITNs. We have TACACS+ installed and have been using it for authentication for years. Just recently, our TACACS+ has begun getting the following error:
"%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: XXXXXXX] [Source: xxx.xxx.xxx.xxx] [localport: 22] [Reason: Login Authentication Failed] at 07:54:21 CST Thu Jun 23 2016"
This error occurs on about 80% of the switches on the network, but the other 20% authenticate and log in just fine.
If I use the TACACS+ account we have made for our Cisco Prime server to log in to switches, it authenticates on every one. The TACACS+ configurations are identical on all devices, so I don't understand what could be the issue. Why would one TACACS+ user account authenticate just fine, but the others only authenticate on 20% of the network?
Our version of ACS is 5.5.
Thanks for any help!
06-24-2016 12:01 AM
I am not sure I understand the description of the problem completely. Is the user failing the authentication the same as your Prime user?
Thank you for rating helpful posts!
06-24-2016 09:13 AM
The Prime user account authenticates successfully on every network device. All other individual TACACS+ accounts only succeed on about 20% of the network devices, even though they all have the same TACACS+ configuration.