Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12188
Views
3
Helpful
13
Replies

%AAA-3-BADSERVERTYPEERROR: Cannot process accounting server type tacacs+ (UNKNOWN)

RicardoFranca8027
Level 1
Level 1

‎08-16-2019 10:20 AM

Estou com varios alarmes de TACACS no meu router, porém não estou achando nunhum erro parecido para o meu problema na internet.

 

15 de agosto 19: 44: 00.049:% DOMAIN-5-TCA: TCA recebido. Detalhes: ID da instância = 0: VRF = padrão: ID do site de origem = xxxx: ID do site de destino = xxxx: TCA-ID = 177812: TCA-Origem = xxxx (R): saída = [CHAN-ID = 7943, BR-IP = xxxx, DSCP = af21 [18], Interface = Tunnel11, Caminho = INET [label = 0: 11 | 0: 0 [0xB0000]]]: Política violada = navegação: limites (real / config) = [P1 = taxa de perda de bytes (2.16 / 2.0)], [P1 = taxa de perda de bytes (2.16 / 2.0)] , [P1 = taxa de perda de bytes (2,16 / 2,0)], [P1 = taxa de perda de bytes (2,16 / 2,0)], [P1 = taxa de perda de bytes (2,16 / 2,0)], [P1 = byte taxa de juros (2,16 / 2,0)]

15 de agosto 19: 44: 00.049:% DOMAIN-5-TCA: TCA recebido. Detalhes: ID da instância = 0: VRF = padrão: ID do site de origem = xxxx: ID do site de destino = xxxx: TCA-ID = 177812: TCA-Origem = xxxx (R): saída = [CHAN-ID = 7943, BR-IP = xxxx, DSCP = af21 [18], Interface = Tunnel11, Caminho = INET [label = 0: 11 | 0: 0 [0xB0000]]]: Política violada = navegação: limites (real / config) = [P1 = taxa de perda de bytes (2.16 / 2.0)]


15 de agosto 19: 44: 00.050:% DOMAIN-5-TCA: TCA recebido. Detalhes: ID da instância = 0: VRF = padrão: ID do site de origem = xxxx: ID do site de destino = xxxx: TCA-ID = 177812: TCA-Origem = xxxx (R): saída = [CHAN-ID = 7943, BR-IP = xxxx, DSCP = af21 [18], Interface = Tunnel11, Caminho = INET [label = 0: 11 | 0: 0 [0xB0000]]

Aug 15 19: 44: 42.807:% AAA-3-BADSERVERTYPEERROR: Não é possível processar tacacs do tipo de servidor de contabilidade + (DESCONHECIDO)

 

Estou usando o roteador ISR4221 / K9 versão 16.06.03 Everest 

Labels:
0 Helpful
13 Replies 13

marce1000
VIP
VIP

‎08-16-2019 10:43 PM

 

 - Make sure you have a TACACS server configured  : 

         https://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/aaa_tacacs.pdf

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

RicardoFranca8027
Level 1
Level 1
In response to marce1000

‎08-21-2019 06:28 AM

Yes, I have tacacs set up.

All settings and authentication password have been validated.

0 Helpful

marce1000
VIP
VIP
In response to RicardoFranca8027

‎08-21-2019 08:42 AM

 

 - Ok. check the TACACS server's logs too when an authentication attempt is done from the switch. Are there any errors observed (e.g.) ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

RicardoFranca8027
Level 1
Level 1
In response to marce1000

‎08-22-2019 10:05 AM

Note: We checked the password that is set on the Routers and Tacacs server (ACS) and found that in addition to being correct the connections are being authenticated, however we continue with the session breaks and the message in APIC: ERROR-CONECTION-CLOSED and on routers:% AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type tacacs + (UNKNOWN).

0 Helpful

marce1000
VIP
VIP
In response to RicardoFranca8027

‎08-22-2019 11:42 AM

 

  - Could be a software bug , if applicable check more recent releases for your platform.

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

MohdHaizarAbdulLatiff4746
Level 1
Level 1
In response to marce1000

‎05-25-2023 11:18 PM

Hi All, need further assistance on how to login my router.

Previously i have perform below configuration to our cisco router ISR 4431 series

!
aaa new-model
!
!
aaa authentication login default group tacacs+ local line enable
aaa authentication login async none
aaa authentication enable default group tacacs+ enable
aaa authorization console
aaa authorization exec default group tacacs+ if-authenticated
aaa accounting exec default
action-type start-stop
group tacacs+
!
aaa accounting commands 1 default
action-type stop-only
group tacacs+
!
aaa accounting commands 15 default
action-type start-stop
group tacacs+
!

BUT after my console access to the ended & try to login again, the below error messages occur & I cannot login to the router as I'm not set any username & password previously.

User Access Verification

Username:
*May 26 06:12:59.442 UTC: %AAA-3-BADSERVERTYPEERROR: Cannot process authentication server type tacacs+ (UNKNOWN)

Please help me on how to login access to the router. TQ

 

Georg Pauwen
VIP
VIP
In response to MohdHaizarAbdulLatiff4746

‎05-26-2023 02:24 AM

Hello,

typically, when the TACACS server is reachable but no username is configured, it will not fallback to 'local', and hence will not authenticate. I assume you have checked if the user you are trying to authenticate has been configured on the TACACS server ?

0 Helpful

MohdHaizarAbdulLatiff4746
Level 1
Level 1
In response to Georg Pauwen

‎05-28-2023 05:51 AM

Hi Georg Pauwen,

For your question:

"I assume you have checked if the user you are trying to authenticate has been configured on the TACACS server ?"

Answer: No, we have not done any user configuration or authentication on TACACS server.

Currently we cannot access login to the router as we have try username 1)cisco 2)admin & 3)root but unsuccessful.

So we seek help and guide on how to factory reset the Cisco router (ISR 4431 model) & access to ROMMON. 

Thanks.

0 Helpful

MohdHaizarAbdulLatiff4746
Level 1
Level 1
In response to MohdHaizarAbdulLatiff4746

‎05-28-2023 06:19 AM

FYI, we currently just try to push the config inside the router & the router is not in production yet.

Please help us on how to factory reset the router.

0 Helpful

MHM Cisco World
VIP
VIP
In response to MohdHaizarAbdulLatiff4746

‎05-28-2023 08:04 AM

group tacacs+ <<- this no complete config you need to config server and key between Server and SW/R

0 Helpful

MohdHaizarAbdulLatiff4746
Level 1
Level 1
In response to MHM Cisco World

‎05-28-2023 11:42 PM

Yes my bad as didn't complete the config for this "you need to config server and key between Server and SW/R"

So I need help on the STEPs or guide - how to factory reset the router ISR 4431 and access to ROMMON.

Please assist. TQ

MHM Cisco World
VIP
VIP
In response to MohdHaizarAbdulLatiff4746

‎05-29-2023 02:18 AM

https://www.youtube.com/watch?v=QnBPd3pkjCg

How to factory reset Cisco router ISR 4331/K9
How to factory reset Cisco router ISR 4331/K9
youtube.com/watch?v=QnBPd3pkjCg
Notice ********* - The process is done on real equipment Cisco router ISR 4331/K9. - In ROMMON, you can't use "tab" to auto-complete the command. - In case router is configured "no service password-recovery" or "no service password-recovery strict", there will be another solution. ***** For more ...

Flavio Miranda
VIP
VIP

‎05-29-2023 02:41 AM

Olá Ricardo,

 Tem um bug CSCtr23828 que afeta esse router com comportamento parecido. Dá uma olhada nele. A cisco informa que foi resolvido na sua versão mas não é raro ser documentado como resolvido e ainda ser observado no equipamento

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card