I am configuring a Cisco ACS server as a TACACS+ server. I have a router will use ACS server for authentication. At the router, all parameters like tacacs host , tacacs key has been configured. ACS server is located inside the Firewall. Few username are created in ACS server.
From router , I am able to ping to the ACS server and able to telnet to ACS server port 49. Firewall log show that packets are accepted. However no authentication can be done. I got "access denied". I have done a debug aaa authentication. Jun 10 20:39:07: AAA/AUTHEN: create_user user='' ruser='' port='tty3' rem_addr=' 102.102.118.66' authen_type=1 service=1 priv=1 Jun 10 20:39:07: AAA/AUTHEN/START (0): port='tty3' list='' action=LOGIN service= LOGIN Jun 10 20:39:07: AAA/AUTHEN/START (0): using "default" list Jun 10 20:39:07: AAA/AUTHEN/START (410787771): Method=TACACS+ Jun 10 20:39:07: AAA/AUTHEN (410787771): status = ERROR Jun 10 20:39:07: AAA/AUTHEN/START (410787771): Method=LOCAL Jun 10 20:39:07: AAA/AUTHEN (410787771): status = GETUSER Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771): continue_login Jun 10 20:39:10: AAA/AUTHEN (410787771): status = GETUSER Jun 10 20:39:10: AAA/AUTHEN/CONT (410787771): Method=LOCAL Jun 10 20:39:10: AAA/AUTHEN (410787771): status = GETPASS Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771): continue_login Jun 10 20:39:12: AAA/AUTHEN (410787771): status = GETPASS Jun 10 20:39:12: AAA/AUTHEN/CONT (410787771): Method=LOCAL Jun 10 20:39:12: AAA/AUTHEN (410787771): password incorrect Jun 10 20:39:12: AAA/AUTHEN (410787771): status = FAIL Jun 10 20:39:14: AAA/AUTHEN: free user='test1' ruser='' port='tty3' rem_addr='10 2.102.118.66' authen_type=1 service=1 priv=1 Jun 10 20:39:14: AAA/AUTHEN: create_user user='' ruser='' port='tty3' rem_addr=' 102.102.118.66' authen_type=1 service=1 priv=1 Jun 10 20:39:14: AAA/AUTHEN/START (0): port='tty3' list='' action=LOGIN service= LOGIN Jun 10 20:39:14: AAA/AUTHEN/START (0): using "default" list Jun 10 20:39:14: AAA/AUTHEN/START (440731952): Method=TACACS+ Jun 10 20:39:14: AAA/AUTHEN (440731952): status = ERROR Does anyone has any idea ? regards Jimmy __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=46193&t=46193 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]