The ACS server should have some error report in the logs if the router
is contacting it. It sounds like the response is so quick, the ACS
server isn't doing a lookup.

Have you nailed down the interface the router should use as the source
address for contacting the ACS server?

If not, the router could be contacting the ACS server and the ACS server
is rejecting the request because it is undefined. 

The router could have multiple interfaces and is using the wrong one as
the source.

-----Original Message-----
From: Amer [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, December 17, 2002 12:30 PM
To: [EMAIL PROTECTED]
Subject: ACS Authentication/Auth/Accounting [7:59393]


Okay I've got my login authentication, authorization and accounting
working on most of my switches and routers through an ACS (TACACS+).
But I have this one router that gives me an "% Error in authentication"
message as soon as I put in my username.  It doesn't even allow me to
put in a password.  The only way I can get into it is through the local
account that I have created on it.  I've checked a similar router (same
IOS, exact same configuration), and it works okay.... so what can I look
for to troubleshoot this problem??
Thanks in advance.

Here is the config on the router:

aaa new-model
aaa authentication login default local tacacs+
aaa authentication enable default enable tacacs+
aaa authorization exec default tacacs+ local
aaa authorization network default none
aaa accounting update newinfo
aaa accounting exec default start-stop tacacs+
aaa accounting commands 15 default start-stop tacacs+
aaa accounting network default start-stop tacacs+

P.S.  Does anyone know of a way to filter out the commands that can be
accounted for at the ACS?  At the moment, the accounting is working
great but it accounts for every command that's put in. I have an access
list on one of my routers that is about 150 lines long and gets modified
constantly and every command is accounted for in the ACS Accounting.
I'm trying to see if there's a way to filter out that particular
access-list and not account for it every time.  Thanks again.

Amer




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=59404&t=59393
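
The source-interface check suggested in the reply, as an added IOS configuration example that is not part of the original thread. The interface name, the addresses (documentation range 192.0.2.0/24) and the key placeholder are assumptions; use the address that is actually defined as the AAA client on the ACS server.

```cisco
! Added example, not from the original thread. All names and addresses are assumed.
!
! The address ACS has on file for this router as an AAA client (assumed: 192.0.2.1).
interface Loopback0
 ip address 192.0.2.1 255.255.255.255
!
! Without this line the router sources TACACS+ packets from whichever
! interface routes toward the server, which may be an address ACS does
! not know. Pinning the source makes the request match the ACS client entry.
ip tacacs source-interface Loopback0
!
! Server definition (assumed address; the key must match the ACS client entry).
tacacs-server host 192.0.2.10 key <shared-secret>
!
! Verification from exec mode, while a login is attempted from a second session:
!   show tacacs                 ! socket opens/closes and failed connects per server
!   debug tacacs                ! shows whether a request leaves and what comes back
!   debug aaa authentication    ! shows which method in the list produced the error
!   undebug all                 ! turn debugging off afterwards
```

On the ACS side, a request from an address with no matching AAA client entry should appear in the failed attempts log, which is the server-side check the reply refers to.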