tacacs debug message

j-bliss
Level 1

Tacacs not working on router. Here's the debug:

Feb 15 09:01:35: TPLUS: Queuing AAA Authentication request 56 for processing

Feb 15 09:01:35: TPLUS: processing authentication start request id 56

Feb 15 09:01:35: TPLUS: Authentication start packet created for 56()

Feb 15 09:01:35: TPLUS: Using server 10.67.3.68

Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT/642887C4: Started 5 sec timeout

Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: socket event 2

Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request

Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1

Feb 15 09:01:35: TPLUS(00000038)/0/READ: Would block while reading

Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1

Feb 15 09:01:35: TPLUS(00000038)/0/READ: errno 254

Feb 15 09:01:35: TPLUS(00000038)/0/642887C4: Processing the reply packet

Feb 15 09:01:45: TPLUS: Queuing AAA Authentication request 56 for processing

Feb 15 09:01:45: TPLUS: processing authentication start request id 56

Feb 15 09:01:45: TPLUS: Authentication start packet created for 56()

Feb 15 09:01:45: TPLUS: Using server 10.67.3.68

Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT/658594B0: Started 5 sec timeout

Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: socket event 2

Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request

Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1

Feb 15 09:01:45: TPLUS(00000038)/0/READ: Would block while reading

Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1

Feb 15 09:01:45: TPLUS(00000038)/0/READ: errno 254

Feb 15 09:01:45: TPLUS(00000038)/0/658594B0: Processing the reply packet

Any Ideas?

Any takers?

7 Replies

Richard Burts
Hall of Fame

Jason

The device is sending a request and gets this: READ: errno 254

Can you verify that the TACACS server has a correct definition for this device?

It might be helpful if you would run debug tacacs packet and post its output.

HTH

Rick


Hi Rick,

I am facing the same issue Jason mentioned. As you suggested to him, I am attaching the result of debug tacacs, as I cannot paste it due to the word limit. Please suggest.

Thanks

Prashant

Prashant

I have looked at the file that you posted (which is the right way to get large amounts of information into a posting) and I believe that it is helpful. I see this type of error message quite a few times:

Apr 1 12:22:54.718: TAC+: Invalid AUTHOR/START packet (check keys).

Apr 1 12:22:54.718: TAC+: Closing TCP/IP 0x641C40B8 connection to 10.

I believe in particular the part that says (check keys) is a clue. I believe that it indicates that there is a mismatch between the configuration on the router and the configuration on the ACS server. Check the configuration of the ACS server to be sure that it has an entry for 10.127.0.202 remote client and make sure that the key configured on the server is the same as the key configured on the router (it might be best to reconfigure the keys just to be sure that they match).

HTH

Rick


Hi Rick,

Thanks for your reply. The configs on the acs were fine and were checked multiple times. We restarted the acs service which resolved the issue for us along with the other routers with same issue with same acs.

Thank you

Prashant

Prashant

Thank you for posting back to the forum indicating that you had resolved the issue and what you did that resolved the issue. It helps make the forum more useful when people can read about a problem and can read what was done that resolved the problem.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick


Hi,

The same problem has become a bigger one now. We have been restarting the services here and there to resolve the login issue.

But now every 4 - 5 hrs we have to restart the service.

We are using ACS 4.1 (two boxes for redundancy, with data replication)

Note: the second box is not having any issues.

-- Is there any patch to be applied?

The error is the same as Prashant has posted above from the device.

1. We have more than 5000+ devices getting auth from this box.

2. Not all devices are having issues.

3. Randomly, devices are having issues while logging in / processing commands.

Example: the first two logins will fail, the third will be a success.

Can anyone please help?

Rajeev,

There are some known bugs on 4.1. I would suggest to upgrade it to 4.2 patch 12 and if you have single connect enabled, please disable it.

Regards,

~JG

Do rate helpful post
