Hi @drabofred

The Cisco ACS is the end of sale and end of support, you should move to Cisco ISE.

However, I will try to help you as much as I can to fix your issue. 

 Please confirm the following in order to understand where is the problem.

1) Have you created the groups and user assigned to those groups?

2) Password Authentication using ACS Internal database?

3) Shell command authorization set using AS group and device group assigned?

4) devices are added to the group which is assigned to the user?

5) Check the service are running in the System Configuration?

6) what is the ACS Service connection timeout?

7) Interface Configuration --> Advanced Options --> Check all the options?

8) Shared Secret should be the same on the devices as ACS?

9) If it's still not working share the configuration from the network device.

10) check the legacy TACACS+ Single connect support for this aaa client option under the Devices group?

BR

Tayyab