cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1064
Views
0
Helpful
2
Replies

ACS / TACACs login delay after reboot

Ven Taylor
Level 4
Level 4

Hey folks!

I've noticed a problem I'm assuming is related to ACS.

I normally open up a continuous ping to a router when I reload it so I know when it's back up.

Normally, once I can ping it, I can ssh into it.

Now, when I can ping it, I have to wait a good five minutes before it'll accept my login credentials.

Router is using ACS for TACACs authentication.

I know the connectivity is good, because I can ssh to switches behind the router at the site.  It's just the router that won't accept my login/pass for a few minutes.

I know it's ACS related, but I'm not sure what it is.

Has anyone else seen this?

Running ACS v4.2

Thanks in advance!

Ven

Ven Taylor
2 Replies 2

AFROJ AHMAD
Cisco Employee
Cisco Employee

Hi Ven,

I am not an ACS expert , however I would suggest is to look at the failed attempts logs and check if you found anything

useful.

Thanks-
Afroz
[Do rate the useful post]
****Ratings Encourages Contributors ****

Thanks- Afroz [Do rate the useful post] ****Ratings Encourages Contributors ****

ROBERTO GIANA
Level 4
Level 4

Hi Ven

I doubt it's related to the ACS.

IOS holds down authentications/logins after a reload to make sure the network is properly converged to be able to write accounting logs when configured so.

Try to issue the following command:

no aaa accounting system guarantee-first

This instructs the IOS not to wait for the network to converge for accounting to work.

 

Regards

Roberto

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco