WLC 2504 with Tacacs.net AAA not working

ryno.robile1
Level 1

Hi guys,

I have a problem where my WLC will not authenticate via Tacacs.net. The server is reachable from the controller, and Authentication, Accounting and Authorization have been set up and enabled on the WLC; priority is Tacacs/Local. On the Tacacs server we have an entry for the whole management network, and our switches and routers work just fine with no issue. Tacacs.net version 1.31.

When we test and do a packet capture on the firewall we can see packets towards the server but nothing back. Just strange that switches would work and not the WLC; see debug below.

Thanks in advance


(Cisco Controller) >*aaaQueueReader: Sep 12 12:30:19.075: AuthenticationRequest: 0x2c618510


*aaaQueueReader: Sep 12 12:30:19.075:   Callback.....................................0x114d0740

*aaaQueueReader: Sep 12 12:30:19.075:   protocolType.................................0x00020030

*aaaQueueReader: Sep 12 12:30:19.075:   proxyState...................................00:00:0B:DF:00:00-00:00

*aaaQueueReader: Sep 12 12:30:19.075:   Packet contains 5 AVPs (not shown)

*tplusTransportThread: Sep 12 12:30:19.176: Selected Tplus server xx.xx.xx (port:49, fd:0) to send the message
*tplusTransportThread: Sep 12 12:30:19.177: Setup the Tplus socket for server xx.xx.xx.xx (port:49)
*tplusTransportThread: Sep 12 12:30:19.177: Connecting to tacacs server xx.xx.xx on port=49 on sockFd= 76
*tplusTransportThread: Sep 12 12:30:19.177: Tplus server (xx.xx.xx.xx) start polling for 5sec
*tplusTransportThread: Sep 12 12:30:24.176: Tplus server (xx.xx.xx.xx) connect timeout: 150:Operation now in progress
*tplusTransportThread: Sep 12 12:30:24.177: Failed to setup the Tplus socket for server xx.xx.xx.xx!
*tplusTransportThread: Sep 12 12:30:24.177: Failed to send the Tplus message to xx.xx.xx.xx(port:49, fd:76)
*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)
*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server
*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server
*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers

*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)
*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server
*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from : xx.xx.xx.xx (req session_id:0, seq_no:1). Try next Auth server
*tplusTransportThread: Sep 12 12:30:24.177: No Auth response from: xx.xx.xx.xx (req session_id:0, seq_no:1), Tx Tried Cnt:1. Exhausted all servers

*tplusTransportThread: Sep 12 12:30:24.177: Failed to send Auth msg (session_id:0, seq_no:1) to server xx.xx.xx.xx(port 49)
*tplusTransportThread: Sep 12 12:30:24.177: Tx Tried Cnt: 1, try on next available Tplus auth server
*tplusTransportThread: Sep 12 12:30:24.177: None of the Tplus Auth servers (Tx Tried Cnt:1) are responding. Drop the auth request(session_id:0, seq_no:1)!
*tplusTransportThread: Sep 12 12:30:24.177: ReProcessAuthentication previous proto 30, next proto 20008
*tplusTransportThread: Sep 12 12:30:24.177: Unable to find requested user entry for john
*tplusTransportThread: Sep 12 12:30:24.177: 00:00:0b:df:00:00 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:00:0b:df:00:00
*tplusTransportThread: Sep 12 12:30:24.177: AuthorizationResponse: 0x2bdd8c84


*tplusTransportThread: Sep 12 12:30:24.177:     structureSize................................92

*tplusTransportThread: Sep 12 12:30:24.177:     resultCode...................................-4

*tplusTransportThread: Sep 12 12:30:24.177:     protocolUsed.................................0x00000008

*tplusTransportThread: Sep 12 12:30:24.177:     proxyState...................................00:00:0B:DF:00:00-00:00

*tplusTransportThread: Sep 12 12:30:24.177:     Packet contains 0 AVPs:

1 Reply

ryno.robile1
Level 1

Ok, got it partially working. Last question: has anybody successfully set up a Cisco WLC to use free Tacacs.net? Getting authentication error. Do I need to set up roles? How do I do this on Tacacs.net?
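
The debug output in the first post, triaged by failure stage. This is an added example, not part of either post and not Cisco code; the event names, the `triage` function and the year prefixed to the timestamps are assumptions made for illustration, and the sample lines are an excerpt of the debug shown above.

```python
import re
from datetime import datetime

# Excerpt of the debug posted above (server address is redacted in the post).
SAMPLE = """\
*tplusTransportThread: Sep 12 12:30:19.177: Connecting to tacacs server xx.xx.xx on port=49 on sockFd= 76
*tplusTransportThread: Sep 12 12:30:24.176: Tplus server (xx.xx.xx.xx) connect timeout: 150:Operation now in progress
*tplusTransportThread: Sep 12 12:30:24.177: None of the Tplus Auth servers (Tx Tried Cnt:1) are responding. Drop the auth request(session_id:0, seq_no:1)!
*tplusTransportThread: Sep 12 12:30:24.177: ReProcessAuthentication previous proto 30, next proto 20008
*tplusTransportThread: Sep 12 12:30:24.177: Unable to find requested user entry for john
*tplusTransportThread: Sep 12 12:30:24.177: 00:00:0b:df:00:00 Returning AAA Error 'Authentication Failed' (-4) for mobile 00:00:0b:df:00:00
"""

LINE = re.compile(r"^\*(\w+): (\w{3} +\d+ [\d:.]+): (.*)$")
# Substrings taken from the debug above, mapped to hypothetical event names.
EVENTS = [
    ("Connecting to tacacs server", "connect_start"),
    ("connect timeout", "connect_timeout"),
    ("None of the Tplus Auth servers", "servers_exhausted"),
    ("ReProcessAuthentication", "fallback"),
    ("Unable to find requested user entry", "fallback_user_missing"),
    ("Returning AAA Error", "final_error"),
]

def triage(text):
    """Classify one AAA attempt by the stage at which it failed."""
    seen = {}  # event name -> (timestamp, message), first occurrence only
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # The debug carries no year; a fixed one is assumed, only differences are used.
        ts = datetime.strptime("2000 " + m.group(2), "%Y %b %d %H:%M:%S.%f")
        for needle, name in EVENTS:
            if needle in m.group(3):
                seen.setdefault(name, (ts, m.group(3)))
    out = {"events": list(seen), "stage": "unknown", "connect_wait_s": None, "error": None}
    if "connect_timeout" in seen:  # the TCP connect to port 49 never completed
        out["stage"] = "transport"
        if "connect_start" in seen:
            delta = seen["connect_timeout"][0] - seen["connect_start"][0]
            out["connect_wait_s"] = delta.total_seconds()
    elif "final_error" in seen:
        out["stage"] = "aaa_decision"
    if "final_error" in seen:
        code = re.search(r"'([^']+)' \((-?\d+)\)", seen["final_error"][1])
        out["error"] = (code.group(1), int(code.group(2))) if code else None
    # True when the error was reported after the request moved on to the next method.
    out["error_after_fallback"] = out["stage"] == "transport" and "fallback" in seen
    return out
```

Calling `triage(SAMPLE)` reports stage `transport` with the connect attempt abandoned after about five seconds, which separates a path or listener problem on port 49 from a credential or role rejection by the server.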
