From: Kal Han (calikali2006@gmail.com)
Date: Wed Jan 10 2007 - 15:35:37 ART
Hi Sekhar
That usually means your tacacs server IP is not correctly
configured. The error messages you see are because of that.
Check in your config
tacacs-server host x.x.x.x key CISCO
*If x.x.x.x is the right IP*, check the key also - just in case.
Rest looks good.
Thanks
Kal
On 1/9/07, V Shekhar <vshekhar25@yahoo.com> wrote:
>
> This might be a very basic issue but I am stuck here, any inputs welcome.
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> aaa new-model
> !
> !
> aaa authentication login VTY_AUTH group tacacs+
> aaa accounting exec default start-stop group tacacs+
> aaa session-id common
>
> tacacs-server host x.x.x.x key CISCO
> tacacs-server directed-request
>
> line vty 0 4
> login authentication VTY_AUTH
> transport input telnet ssh
> transport output none
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> Now when I telnet to this router I do not get prompted for a username and
> password at all.
> Instead I get this.
>
> R6#telnet 150.1.5.5
> Trying 150.1.5.5 ... Open
>
> % Authentication failed.
>
> % Authentication failed.
>
> % Authentication failed.
>
> [Connection to 150.1.5.5 closed by foreign host]
>
> On the other hand, on the ACS (tacacs server) I cannot see anything in passed
> or failed auth attempts.
> (Yes, I have enabled passed auth logging on ACS)
> The only time I see a log on ACS is when I have not configured the router
> as authorized NAS in ACS.
> I can see TCP port 49 packets via a sniffer reaching the ACS and ACS
> responding back.
>
> I have an ASA in between the router and the ACS, the ACLs on the router
> show hits against the ACL which allows TACACS.
>
>
>
> Thanx,
> -sHekHar.
> CCSP/CISSP/RHCE.
>
This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART
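
Added example (not part of the original thread, and not Cisco or ACS code): why the key in `tacacs-server host x.x.x.x key CISCO` has to match byte for byte on both ends. TACACS+ (RFC 8907, section 4.5) XORs each packet body with an MD5 pad derived from the shared key, so a receiver holding a different key decodes a body whose length fields no longer add up. The session id, port name and remote address below are constructed sample values.

```python
import hashlib
import struct

def pseudo_pad(session_id, key, version, seq_no, length):
    # RFC 8907 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    # MD5_n = MD5(session_id, key, version, seq_no, MD5_{n-1}); concatenate, truncate.
    seed = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(seed + prev).digest()
        pad += prev
    return pad[:length]

def xor_body(body, session_id, key, version=0xC0, seq_no=1):
    # Obfuscation and de-obfuscation are the same XOR operation.
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))

def authen_start(user=b"", port=b"tty66", rem_addr=b"150.1.6.6"):
    # Authentication START body: action=LOGIN(1), priv_lvl=1,
    # authen_type=ASCII(1), service=LOGIN(1), then four length bytes.
    # port and rem_addr are constructed sample values.
    fixed = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    return fixed + user + port + rem_addr

def lengths_consistent(body):
    # The four length fields plus the 8 fixed bytes must equal the body size.
    return len(body) >= 8 and 8 + sum(body[4:8]) == len(body)

def receive(wire, session_id, server_key):
    # Returns the decoded body, or None when it does not parse
    # (which is what a key mismatch looks like to the receiver).
    body = xor_body(wire, session_id, server_key)
    return body if lengths_consistent(body) else None

SESSION_ID = 0x1A2B3C4D                      # constructed session id
CLEAR = authen_start()
WIRE = xor_body(CLEAR, SESSION_ID, b"CISCO")  # key as configured on the router

if __name__ == "__main__":
    for server_key in (b"CISCO", b"cisco", b"CISCO "):
        ok = receive(WIRE, SESSION_ID, server_key) is not None
        print(repr(server_key), "parses" if ok else "unparseable body")
```

The keys compared are raw bytes, so a case difference or a trailing space counts as a different key.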