02-15-2006 07:35 AM - edited 03-10-2019 02:28 PM
Tacacs not working on router. Here's the debug:
Feb 15 09:01:35: TPLUS: Queuing AAA Authentication request 56 for processing
Feb 15 09:01:35: TPLUS: processing authentication start request id 56
Feb 15 09:01:35: TPLUS: Authentication start packet created for 56()
Feb 15 09:01:35: TPLUS: Using server 10.67.3.68
Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT/642887C4: Started 5 sec timeout
Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: socket event 2
Feb 15 09:01:35: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request
Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1
Feb 15 09:01:35: TPLUS(00000038)/0/READ: Would block while reading
Feb 15 09:01:35: TPLUS(00000038)/0/READ: socket event 1
Feb 15 09:01:35: TPLUS(00000038)/0/READ: errno 254
Feb 15 09:01:35: TPLUS(00000038)/0/642887C4: Processing the reply packet
Feb 15 09:01:45: TPLUS: Queuing AAA Authentication request 56 for processing
Feb 15 09:01:45: TPLUS: processing authentication start request id 56
Feb 15 09:01:45: TPLUS: Authentication start packet created for 56()
Feb 15 09:01:45: TPLUS: Using server 10.67.3.68
Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT/658594B0: Started 5 sec timeout
Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: socket event 2
Feb 15 09:01:45: TPLUS(00000038)/0/NB_WAIT: wrote entire 35 bytes request
Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1
Feb 15 09:01:45: TPLUS(00000038)/0/READ: Would block while reading
Feb 15 09:01:45: TPLUS(00000038)/0/READ: socket event 1
Feb 15 09:01:45: TPLUS(00000038)/0/READ: errno 254
Feb 15 09:01:45: TPLUS(00000038)/0/658594B0: Processing the reply packet
Any Ideas?
Any takers?
02-16-2006 11:41 AM
Jason
The device is sending a request and gets this:READ: errno 254
Can you verify that the TACACS server has a correct definintion for this device?
It might be helpful if you would run debug tacacs packet and post its output.
HTH
Rick
04-01-2008 05:30 AM
04-01-2008 12:35 PM
Prashant
I have looked at the file that you posted (which is the right way to get large amounts of information into a posting) and I believe that it is helpful. I see this type of error message quite a few times:
Apr 1 12:22:54.718: TAC+: Invalid AUTHOR/START packet (check keys).
Apr 1 12:22:54.718: TAC+: Closing TCP/IP 0x641C40B8 connection to 10.
I believe in particular the part that says (check keys) is a clue. I believe that it indicates that there is a mismatch between the configuration on the router and the configuration on the ACS server. Check the configuration of the ACS server to be sure that it has an entry for 10.127.0.202 remote client and make sure that the key configured on the server is the same as the key configured on the router (it might be best to reconfigure the keys just to be sure that they match).
HTH
Rick
04-01-2008 09:36 PM
Hi Rick,
Thanks for your reply. The configs on the acs were fine and were checked multiple times. We restarted the acs service which resolved the issue for us along with the other routers with same issue with same acs.
Thank you
Prashant
04-02-2008 11:07 AM
Prashant
Thank you for posting back to the forum indicating that you had resolved the issue and what you did that resolved the issue. It helps make the forum more useful when people can read about a problem and can read what was done that resolved the problem.
The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.
HTH
Rick
08-24-2009 06:13 AM
hi ,
The same problem has become bigger one now.we have been restarting the services here and there to resolve the login issue.
But now every 4 - 5 hrs we have to restart the service.
We are using acs 4.1 ( two boxes for redundancy - with data replication)
Note : second box is not having any issues.
--is there any patch to be applied ?
error is as same as Prashant has posted above from the device.
1. we have more than 5000 + devices getting auth from this box.
2.Not all devices are having issues
3.randomly devices are having issues whilie logging in / processing commands
example : first two logins will fail third will be a success
can any one please help .........
08-24-2009 06:40 AM
Rajeev,
There are some known bugs on 4.1. I would suggest to upgrade it to 4.2 patch 12 and if you have single connect enabled, please disable it.
Regards,
~JG
Do rate helpful post
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: