12-14-2008 05:34 AM
Hi,
I have configured more than 40 Cisco routers (2811 & 1841) with the following aaa commands:
aaa new-model
!
!
aaa authentication login default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting network default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
ip tacacs source-interface fastethernet 0/0
tacacs-server host x.x.x.x key key123
tacacs-server directed-request
!
!
!
I tried all of them (remote access) and everything works fine.
I was surprised that on two of them (Cisco 2811 & Cisco 1841) I faced an error "error in authentication" when I try to type enable in user mode. By the way, I can access them with username & password.
I tried to change the IP address from the ACS server (AAA clients) for these two sites in order to access using enable secret but failed.
I'm using SSH.
Please help.
12-14-2008 07:59 AM
Hi,
Where is the authentication for the enable password meant to take place? Locally or using TACACS? It may be worthwhile adding in the command
"aaa authentication enable default group tacacs+ local" or change it slightly depending where you want it to carry out the authentication.
Hope that helps
12-14-2008 12:41 PM
Hi,
The enable secret is local.
The mentioned command is already added, but with enable secret when ACS is not reachable.
12-14-2008 05:53 PM
Alqader
Mike suggests that you use this command:
aaa authentication enable default group tacacs+ local
and you respond that:
the mentioned command is already added
The aaa authentication enable is not included in your original post. Either your response to Mike is incorrect or your original post is significantly incomplete. In either case it makes it difficult to understand your issue and to give you good advice. Can you clarify exactly what is in your config and what the problem is?
HTH
Rick
12-15-2008 12:41 AM
Rick
I replied to him that the mentioned command already exists, but with enable secret, not locally.
I just want to know if anyone has experienced this problem and how we can access the device remotely (if exists).
Anyway, thanks
12-15-2008 11:05 PM
Solved: the enable secret command was not applied; I don't know how it was removed!
Thanks
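An added example, not part of the thread or of any poster's configuration: a small offline audit that flags a saved IOS config where the enable authentication list relies on the local enable method but no enable secret is present, which is the condition the thread ends on. The sample configs, the 192.0.2.10 address and the function names are constructed for illustration, and the default of "enable" when no list is configured is an assumption about IOS behaviour.

```python
import re

MISSING_SECRET = "enable method in use but no enable secret/password configured"
NO_FALLBACK = "no fallback method if the AAA server is unreachable"

# Constructed sample configs (not taken from the routers in the thread).
BROKEN = """aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
tacacs-server host 192.0.2.10 key <key>
"""
FIXED = "enable secret 5 <hash>\n" + BROKEN
TACACS_ONLY = BROKEN.replace("enable default group tacacs+ enable",
                             "enable default group tacacs+")

def parse_methods(tokens):
    """Collapse 'group <name>' pairs into single method names."""
    methods, i = [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods

def audit_enable_auth(config):
    """Return a list of findings for one saved running-config."""
    lines = [ln.strip() for ln in config.splitlines()]
    if "aaa new-model" not in lines:
        return []  # AAA not enabled; outside the scope of this check
    # 'no enable secret' does not match because the pattern is anchored.
    has_secret = any(re.match(r"enable (secret|password)\s", ln) for ln in lines)
    methods = ["enable"]  # assumption: IOS default when no list is set
    for ln in lines:
        m = re.match(r"aaa authentication enable default\s+(.+)", ln)
        if m:
            methods = parse_methods(m.group(1).split())
    findings = []
    if "enable" in methods and not has_secret:
        findings.append(MISSING_SECRET)
    if all(m.startswith("group ") for m in methods):
        findings.append(NO_FALLBACK)
    return findings

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit_enable_auth(cfg))
```

Running this over the saved configs of all the routers would single out the devices missing the enable secret without logging in to each one.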