Re: Basic TACACS authentication.

From: Edison Ortiz (edisonmortiz@gmail.com)
Date: Wed Jan 10 2007 - 11:34:48 ART


Try adding this line

aaa authentication enable default group tacacs+ enable

----- Original Message -----
From: "V Shekhar" <vshekhar25@yahoo.com>
To: "Groupstudy" <security@groupstudy.com>; "Cisco certification"
<ccielab@groupstudy.com>
Sent: Wednesday, January 10, 2007 12:01 AM
Subject: Basic TACACS authentication.

> This might be a very basic issue but I am stuck here, any inputs welcome.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> aaa new-model
> !
> !
> aaa authentication login VTY_AUTH group tacacs+
> aaa accounting exec default start-stop group tacacs+
> aaa session-id common
>
> tacacs-server host x.x.x.x key CISCO
> tacacs-server directed-request
>
> line vty 0 4
> login authentication VTY_AUTH
> transport input telnet ssh
> transport output none
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Now when I telnet to this router I do not get prompted for a username and
> password at all.
> Instead I get this.
>
> R6#telnet 150.1.5.5
> Trying 150.1.5.5 ... Open
>
> % Authentication failed.
>
> % Authentication failed.
>
> % Authentication failed.
>
> [Connection to 150.1.5.5 closed by foreign host]
>
> On the other hand, on the ACS (TACACS server) I cannot see anything in passed
> or failed auth attempts.
> (Yes, I have enabled passed auth logging on ACS)
> The only time I see a log on ACS is when I have not configured the router
> as authorized NAS in ACS.
> I can see TCP port 49 packets via a sniffer reaching the ACS and ACS
> responding back.
>
> I have an ASA in between the router and the ACS, the ACLs on the router
> show hits against the ACL which allows TACACS.
>
>
>
> Thanx,
> -sHekHar.
> CCSP/CISSP/RHCE.
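
An added example, not part of either message in this thread: a small Python check that reads an IOS configuration like the one quoted above and reports login lists that name only server groups, vty lines that reference an undefined list, and a missing `aaa authentication enable default` list (the line suggested in the reply). The function name `audit_aaa` and the sample input are assumptions constructed for illustration.

```python
import re

# Constructed sample: the configuration quoted in the thread plus the line
# suggested in the reply (server address left as the thread's placeholder).
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication login VTY_AUTH group tacacs+
aaa authentication enable default group tacacs+ enable
aaa accounting exec default start-stop group tacacs+
tacacs-server host x.x.x.x key CISCO
line vty 0 4
login authentication VTY_AUTH
transport input telnet ssh
"""

def audit_aaa(config):
    """Return findings about IOS AAA authentication method lists (hypothetical helper)."""
    lists = {}        # (kind, list name) -> ordered methods
    applied = []      # (line block, login list name applied to it)
    current_line = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"aaa authentication (login|enable) (\S+) (.+)", line)
        if m:
            # Collapse "group <name>" into one token so methods split cleanly.
            methods = re.sub(r"group\s+(\S+)", r"group:\1", m.group(3)).split()
            lists[(m.group(1), m.group(2))] = methods
        elif line.startswith("line "):
            current_line = line
        elif current_line and line.startswith("login authentication "):
            applied.append((current_line, line.split()[2]))
    findings = []
    for (kind, name), methods in sorted(lists.items()):
        # Only server groups: nothing to fall back to if no server answers.
        if all(x.startswith("group:") for x in methods):
            findings.append(f"{kind} list {name}: server-only, no fallback method")
    for block, name in applied:
        if ("login", name) not in lists:
            findings.append(f"{block}: references undefined login list {name}")
    if ("enable", "default") not in lists:
        findings.append("no 'aaa authentication enable default' method list")
    return findings

if __name__ == "__main__":
    for finding in audit_aaa(SAMPLE_CONFIG):
        print(finding)
```
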



This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART