08-26-2015 03:32 AM - edited 03-08-2019 01:31 AM
Hi,
We've installed a 3850 (WS-C3850-48T) and added it to our ACS (v4.1) server but have a problem where it intermittently fails to authenticate a CLI session on the first attempt; the second attempt works fine. At first we thought we were getting the password wrong but we've now proved this isn't the case. The ACS server also shows no record of the failed attempt in the log files.
Our AAA config is as below:
aaa authentication login default group tacacs+ local
aaa authentication ppp default if-needed group tacacs+ local
aaa authorization network default group tacacs+ local
aaa accounting network default start-stop group tacacs+
tacacs-server host 10.x.x.x. single-connection key 7 *****************
Has anyone else experienced this and managed to fix the issue?
08-26-2015 06:03 AM
Have you tried running a debug tacacs or debug tacacs events...
http://www.cisco.com/c/en/us/td/docs/ios/12_2/debug/command/reference/122debug/dbfser.html#wp1019035
08-28-2015 06:21 PM
If you are not seeing a record of the failed attempts in the ACS log files, then it looks like it is something on the 3850, or routing to the ACS server. Does it go through a VPN tunnel or anything to get to the ACS?