From: V Shekhar (vshekhar25@yahoo.com)
Date: Thu Jan 11 2007 - 00:48:14 ART
Thanx to all who responded to me. There indeed was a connectivity issue
between the AAA & the router: while the packets were reaching the AAA, the
reverse traffic was not reaching the router, hence this problem.
Thanx,
-sHekHar.
CCSP/CISSP/RHCE.
----- Original Message ----
From: Prashanth Kumar <prash7468@gmail.com>
To: V Shekhar <vshekhar25@yahoo.com>
Cc: Groupstudy <security@groupstudy.com>; Cisco certification <ccielab@groupstudy.com>
Sent: Thursday, January 11, 2007 3:08:12 AM
Subject: Re: Basic TACACS authentication.
Shekhar,
You can test whether the configured TACACS is working
from the router by using the following command.
#test aaa group tacacs+ username password new-code
thx
Prashanth
On 1/9/07, V Shekhar <vshekhar25@yahoo.com> wrote:
This might be a very basic issue but I am stuck
here, any inputs welcome.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aaa new-model
!
!
aaa authentication login VTY_AUTH group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa session-id common
tacacs-server host x.x.x.x key CISCO
tacacs-server directed-request
line vty 0 4
 login authentication VTY_AUTH
 transport input telnet ssh
 transport output none
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now when I telnet to this router I do not get prompted for a username and
password at all. Instead I get this.
R6#telnet 150.1.5.5
Trying 150.1.5.5 ... Open
% Authentication failed.
% Authentication failed.
% Authentication failed.
[Connection to 150.1.5.5 closed by foreign host]
On the other hand, on the ACS (TACACS server) I cannot see anything in passed
or failed auth attempts. (Yes, I have enabled passed auth logging on ACS.)
The only time I see a log on ACS is when I have not configured the router as
an authorized NAS in ACS.
I can see TCP port 49 packets via a sniffer reaching the ACS and the ACS
responding back.
I have an ASA in between the router and the ACS; the ACLs on the router show
hits against the ACL which allows TACACS.
Thanx,
-sHekHar.
CCSP/CISSP/RHCE.
This archive was generated by hypermail 2.1.4 : Thu Feb 08 2007 - 23:46:56 ART