Okay I've got my login authentication, authorization and accounting working on most of my switches and router through a ACS (TACACS+). But I have this one router that gives me an "% Error in authentication" message as soon as I put in my username. It doesn't even allow me to put in a password. The only way I can get into it is through the local account that I have created on it. I've checked a similar router (same IOS, exact same configuration), and it works okay.... so what can I look for to troubleshoot this problem?? Thanks in advance.
Here is the config on the router: aaa new-model aaa authentication login default local tacacs+ aaa authentication enable default enable tacacs+ aaa authorization exec default tacacs+ local aaa authorization network default none aaa accounting update newinfo aaa accounting exec default start-stop tacacs+ aaa accounting commands 15 default start-stop tacacs+ aaa accounting network default start-stop tacacs+ P.S. Does anyone know of a way to filter out the commands that can be accounted for at the ACS? At the moment, the accounting is working a great but it accounts for every command that's put it. I have an access list on one of my router that is about 150 lines long and gets modified constantly and every command is accounted for in the ACS Accounting. I'm trying to see if there's a way to filter out that particular access-list and not account for it everytime. Thanks again. Amer Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=59393&t=59393 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
