06-15-2007 01:24 AM - edited 03-10-2019 03:13 PM
01:19:44: TAC+: Invalid AUTHEN/START/LOGIN/ASCII packet (check keys).
01:19:44: TAC+: Closing TCP/IP 0xAC5F14 connection to 10.52.166.119/49
01:19:44: TAC+: Using default tacacs server-group "tacacs+" list.
01:19:46: TAC+: Using default tacacs server-group "tacacs+" list.
01:19:46: TAC+: Opening TCP/IP to 10.52.166.119/49 timeout=5
01:19:46: TAC+: Opened TCP/IP handle 0xABDD68 to 10.52.166.119/49
01:19:46: TAC+: 10.52.166.119 (2254716401) ACCT/REQUEST/STOP queued
01:19:46: TAC+: (2254716401) ACCT/REQUEST/STOP processed
01:19:46: TAC+: received bad ACCT packet: type = 0, expected 3
01:19:46: TAC+: Invalid ACCT/REQUEST/STOP packet (check keys).
01:19:46: TAC+: Closing TCP/IP 0xABDD68 connection to 10.52.166.119/49
01:19:46: TAC+: Using default tacacs server-group "tacacs+" list.
01:20:19: TAC+: Using default tacacs server-group "tacacs+" list.
01:20:19: TAC+: Opening TCP/IP to 10.52.166.119/49 timeout=5
01:20:19: TAC+: Opened TCP/IP handle 0xAC5F14 to 10.52.166.119/49
01:20:19: TAC+: 10.52.166.119 (726398633) ACCT/REQUEST/STOP queued
01:20:19: TAC+: (726398633) ACCT/REQUEST/STOP processed
01:20:19: TAC+: received bad ACCT packet: type = 0, expected 3
01:20:19: TAC+: Invalid ACCT/REQUEST/STOP packet (check keys).
01:20:19: TAC+: Closing TCP/IP 0xAC5F14 connection to 10.52.166.119/49
01:20:19: TAC+: Using default tacacs server-group "tacacs+" list.
01:20:19: TAC+: Using default tacacs server-group "tacacs+" list.
01:20:19: TAC+: Opening TCP/IP to 10.52.166.119/49 timeout=5
01:20:19: TAC+: Opened TCP/IP handle 0xABDD68 to 10.52.166.119/49
01:20:19: TAC+: 10.52.166.119 (1195930714) ACCT/REQUEST/STOP queued
01:20:20: TAC+: (1195930714) ACCT/REQUEST/STOP processed
01:20:20: TAC+: received bad ACCT packet: type = 0, expected 3
01:20:20: TAC+: Invalid ACCT/REQUEST/STOP packet (check keys).
01:20:20: TAC+: Closing TCP/IP 0xABDD68 connection to 10.52.166.119/49
01:20:20: TAC+: Using default tacacs server-group "tacacs+" list.
Can anybody help me understand this TACACS debug that I get when I try and authenticate on this device using TACACS?
Many thanks,
Dan
06-15-2007 04:43 AM
Hi Dan,
Here is some info :
01:19:44: TAC+: Using default tacacs server-group "tacacs+" list.
01:19:46: TAC+: Using default tacacs server-group "tacacs+" list.
It is using default configured tacacs list.
01:19:46: TAC+: Opening TCP/IP to 10.52.166.119/49 timeout=5
01:19:46: TAC+: Opened TCP/IP handle 0xABDD68 to 10.52.166.119/49
01:19:46: TAC+: 10.52.166.119 (2254716401) ACCT/REQUEST/STOP queued
Here it is trying to make a connection with tacacs server on port 49 ( default tacacs port), request is queued.
01:19:46: TAC+: (2254716401) ACCT/REQUEST/STOP processed
01:19:46: TAC+: received bad ACCT packet: type = 0, expected 3
01:19:46: TAC+: Invalid ACCT/REQUEST/STOP packet (check keys).
01:19:46: TAC+: Closing TCP/IP 0xABDD68 connection to 10.52.166.119/49
Here it is not getting any response from tacacs due to secret key mismatch.
And loop goes on.
Please reenter aaa key on this device and acs , pls do not copy/paste
Also be aware that in ACS aaa client key take precedence over NDG key.
Let me know how that goes.
Regards,
Jagdeep
06-15-2007 07:51 AM
The "check keys" message would seem to indicate the shared secret doesnt match the one on the AAA server.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: