Tacacs+ problem with ACS 5.2

isoyewale · ‎03-31-2011

I am new with ACS server 5.2 can someone please help me before I bang my head on the wall. I have configured the ACS server 5.2 but still cannot authenticate users. The router can ping the ACS server. With debugging I got the following error message:

Switch#
6d07h: TAC+: Using default tacacs server-group "tacacs+" list.
6d07h: TAC+: Opening TCP/IP to 110.7.111.8/49 timeout=5
6d07h: TAC+: TCP/IP open to 110.7.111.8/49 failed -- Connection timed out; remote host not responding
6d07h: TAC+: Opening TCP/IP to 110.7.111.7/49 timeout=5
6d07h: TAC+: TCP/IP open to 110.7.111.7/49 failed -- Connection timed out; remote host not responding

6d07h: TAC+: send AUTHEN/START packet ver=192 id=3004581909
6d07h: TAC+: Using default tacacs server-group "tacacs+" list.
6d07h: TAC+: Opening TCP/IP to 110.7.111.8/49 timeout=5
6d07h: TAC+: TCP/IP open to 110.7.111.8/49 failed -- Connection timed out; remote host not responding
6d07h: TAC+: Opening TCP/IP to 110.7.111.7/49 timeout=5
6d07h: TAC+: TCP/IP open to 110.7.111.7/49 failed -- Connection timed out; remote host not responding

Your kind help will be highly appreciated.

Yudong Wu · ‎03-31-2011

Did you add the switch as AAA client in ACS box? Make sure you use the correct switch IP when adding it in ACS.

YOu can go to "monitoring and Report" on ACS to check the log to see what happened.