07-09-2008 06:32 AM - edited 03-10-2019 03:57 PM
I have an AAA server. When I configure TACACS authentication on the edge switch, there is no response from the AAA server to the edge switch, but for the RADIUS configuration it is working.
07-09-2008 07:05 AM
Hani
You have not provided much for us to work with. Based on your description I would think that the problem might be one of these things:
- perhaps the switch configuration for the tacacs server is not correct?
- perhaps the switch configuration of the shared key with the tacacs server is not correct?
- perhaps the IP address chosen by the switch as the source for the tacacs request is not the same address that is configured on the tacacs server for this client?
- perhaps there is some error in the switch configuration for tacacs configuration.
I would suggest that a good place to start investigating this issue is in the logs of the tacacs server. Is the server seeing the authentication request? If so then there may be some error code that indicates what the problem is. If the server is not seeing the request then it points to a different kind of problem.
It would also be helpful to post the switch config so we can check for issues in the switch config.
HTH
Rick
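To illustrate the shared-key point in Rick's reply, here is an added example (written for this page, not code from the thread or from Cisco): a TACACS+ authentication START packet built and obfuscated as RFC 8907 specifies, then decoded once with the matching key and once with a mismatched one. The session id, keys, username, port and address are constructed values.

```python
import hashlib
import struct

# Constructed example (not from the thread): build a TACACS+ authentication
# START packet and obfuscate its body with the shared key (RFC 8907 s.4.5),
# then show that a key mismatch makes the body undecodable on the other side.
HDR = struct.Struct("!BBBBII")   # version, type, seq_no, flags, session_id, length
VERSION = 0xC0                   # major version 0xC, minor version 0
TAC_PLUS_AUTHEN = 0x01           # packet type: authentication

def pseudo_pad(session_id, key, version, seq_no, length):
    """MD5 keystream: block n hashes session_id, key, version, seq_no and block n-1."""
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(struct.pack("!I", session_id) + key
                           + bytes([version, seq_no]) + prev).digest()
        pad += prev
    return pad[:length]

def encode_start(session_id, key, user, port, rem_addr):
    """Switch side: authen START (action=LOGIN, priv_lvl=1, authen_type=ASCII, service=LOGIN)."""
    body = struct.pack("!BBBBBBBB", 1, 1, 1, 1, len(user), len(port), len(rem_addr), 0)
    body += user + port + rem_addr
    pad = pseudo_pad(session_id, key, VERSION, 1, len(body))     # seq_no 1 = first packet
    header = HDR.pack(VERSION, TAC_PLUS_AUTHEN, 1, 0, session_id, len(body))
    return header + bytes(b ^ p for b, p in zip(body, pad))

def decode_start(packet, key):
    """Server side: de-obfuscate with its own key; None means the body is garbage."""
    version, ptype, seq_no, flags, session_id, length = HDR.unpack_from(packet)
    pad = pseudo_pad(session_id, key, version, seq_no, length)
    body = bytes(b ^ p for b, p in zip(packet[HDR.size:HDR.size + length], pad))
    action, priv_lvl, authen_type, service = body[:4]
    user_len, port_len, rem_len, data_len = body[4:8]
    if action != 1 or 8 + user_len + port_len + rem_len + data_len != length:
        return None   # declared lengths do not add up: wrong shared key (or a corrupt packet)
    off = 8
    fields = {}
    for name, n in (("user", user_len), ("port", port_len), ("rem_addr", rem_len)):
        fields[name] = body[off:off + n].decode()
        off += n
    fields["priv_lvl"] = priv_lvl
    return fields

if __name__ == "__main__":
    pkt = encode_start(0x1234ABCD, b"switch-key", b"netadmin", b"tty1", b"192.168.170.20")
    print(decode_start(pkt, b"switch-key"))    # matching key: fields come back intact
    print(decode_start(pkt, b"server-key"))    # mismatched key: None
```

With a mismatched key the server cannot recover the request at all, which is why the server log (rather than the switch) is where such a failure shows up.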
07-09-2008 07:43 AM
- I am sure of the TACACS configuration of the switch.
- The switch and ACS are reachable to each other, and there is no communication problem.
- For a test I installed the ACS on VMware, which resides on the ACS server itself. I gave the VMware the IP address 192.168.170.12, which is in the same range as the ACS server IP address 192.168.170.11, and changed the TACACS server IP address on the edge switch from 192.168.170.11 to 192.168.170.12, and TACACS authentication worked fine.
07-09-2008 07:53 AM
David,
If this is an ACS appliance, then disable remote logging and see if that makes TACACS authentication work.
Regards,
~JG
07-11-2008 12:55 AM
No, it is not an ACS appliance.
07-11-2008 03:23 AM
According to what you said, it is reasonable to say that the ACS server is having issues.
I would do the following:
1- From the switch, telnet to the ACS server via port 49 and see if port 49 is listening:
C3750#telnet 10.250.97.28 49
Trying ... Open
[Connection closed by foreign host]
C3750#
2- To confirm that TCP port 49 is listening on the ACS server, do "netstat -an | findstr 49".
3- I am guessing that the CSTacacs service is not running but the CSRadius is. Check the Windows services, restart the CSTacacs service and see if it restarts.
07-11-2008 04:48 AM
Other than that, also check how the AAA server is set up, i.e. go to ACS ---> Network Configuration ---> AAA Server ---> make sure it is set up as "Cisco Secure ACS" and not RADIUS.
Regards,
~JG
07-11-2008 11:20 AM
Hi,
If you have multiple VLANs in the switch, this problem can also occur.
Issue the command
"ip tacacs source-interface Vlan 1"
This may solve your problem.