09-03-2008 10:14 AM - edited 03-10-2019 04:04 PM
We have the Cisco Secure ACS v 3.2. There is a device that we recently discovered is not added into the network configuration on the ACS. This device running IOS 12.2(29) does have all of the correct TACACS settings that should allow it to authenticate via TACACS.
So basically, the ACS is allowing users to use this device to login, even though it's not in the Network Config.
When we look at the Logged-in Users report, it shows the host name as "Tacacs+ Default". We aren't sure what that is supposed to mean, and why it's allowing it.
Thank You for your time,
Andrew
09-04-2008 02:11 AM
Andrew,
Make sure that you are not using any wildcards in place of an IP address in network configuration, e.g. using 192.168.*.*
This will open TACACS requests from the whole network 192.168.
Also check the passed attempts and check the NAS IP address from where the request is coming. Search for that IP in network configuration and see if that IP belongs to the switch in question. An L3 switch can have multiple IP addresses.
If that IP belongs to that switch, then you need to take that out from network configuration.
Regards,
~JG
Do rate helpful posts
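The check suggested in the reply above, as an added example that is not part of the original thread: it takes NAS IP addresses read off the Passed Attempts report and shows which network configuration entries cover each one, flagging addresses that are covered only by a wildcard entry. The entry names, patterns and addresses are constructed samples, and only the `*` octet wildcard mentioned in the reply is handled.

```python
import ipaddress

# Constructed sample of Network Configuration entries: (AAA client name, IP pattern).
AAA_CLIENTS = [
    ("core-sw1", "10.10.1.2"),
    ("branch-routers", "10.20.*.*"),
    ("legacy-catchall", "192.168.*.*"),
]

def pattern_matches(pattern, ip):
    """Return True if a dotted pattern with optional '*' octets covers the IPv4 address."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    p_octets = pattern.split(".")
    if len(p_octets) != 4:
        raise ValueError(f"bad pattern: {pattern!r}")
    return all(p == "*" or (p.isdigit() and int(p) == int(o))
               for p, o in zip(p_octets, ip.split(".")))

def covering_entries(clients, nas_ip):
    """List (name, pattern) for every entry whose pattern covers nas_ip."""
    return [(name, pat) for name, pat in clients if pattern_matches(pat, nas_ip)]

def audit(clients, nas_ips):
    """Classify each NAS IP as 'explicit', 'wildcard-only' or 'unexplained'."""
    report = {}
    for ip in nas_ips:
        hits = covering_entries(clients, ip)
        if not hits:
            status = "unexplained"      # no entry accounts for this NAS IP
        elif all("*" in pat for _, pat in hits):
            status = "wildcard-only"    # device was never added by its own address
        else:
            status = "explicit"
        report[ip] = (status, [name for name, _ in hits])
    return report

if __name__ == "__main__":
    # Constructed NAS IPs, standing in for values seen in Passed Attempts.
    seen = ["192.168.40.7", "10.10.1.2", "172.16.5.1"]
    for ip, (status, names) in audit(AAA_CLIENTS, seen).items():
        print(f"{ip:15} {status:14} {', '.join(names) or '-'}")
```

A "wildcard-only" result names the entry whose shared key the device must be using, which is the entry to narrow or remove.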
09-04-2008 05:53 AM
I went through and checked for both cases. But still haven't found out the reason.
One thing we did notice, the TACACS server key on this switch is different than the keys we typically use. It's possible someone could have put this key in there a long time ago, and that person probably doesn't work here anymore. Is there some magical Cisco ACS TACACS server key that will allow it to authenticate no matter what?
Thanks.
09-04-2008 09:34 AM
Sounds strange... No, there is no magical key for ACS or any other device. If the key in ACS is different from the key in the switch then it should not authenticate.
Without the AAA client IP and secret key, ACS will not let that client communicate. There is surely some misconfiguration.
Can you log in to that switch and get these debugs: debug tacacs and debug aaa authentication?
Regards,
~JG