Solved

Tacacs+ authentication problems.

Posted on 2006-07-14
3
1,649 Views
Last Modified: 2008-02-01
I`ve got 2 routers (actually 500) . They are all configured with tacacs. and the configuration is exactly the same.
It is cisco 1700 with IOS version 12.3(2)XC2. When trying to login on Router 2 the tacacs works properly, but when I try to login on router 1 I can only login with password and enable password. There`s only 1 tacacs server. The credentials are the same on the tacacs-server. I need help !!

I did a debug on the routers, and here`s the output from both of them

router 1#
Jul 14 09:55:59.914: TPLUS: Queuing AAA Authentication request 16 for processing
Jul 14 09:55:59.914: TPLUS: processing authentication start request id 16
Jul 14 09:55:59.914: TPLUS: Authentication start packet created for 16()
Jul 14 09:55:59.914: TPLUS: Using server 10.160.2.31
Jul 14 09:55:59.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: Started 5 sec timeout
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out, clean up
Jul 14 09:56:04.914: TPLUS(00000010)/0/81FA3D80: Processing the reply packet

router 2#
.Jul 14 10:02:22.948: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:22.948: TPLUS: processing authentication start request id 1377
.Jul 14 10:02:22.948: TPLUS: Authentication start packet created for 1377()
.Jul 14 10:02:22.948: TPLUS: Using server 10.160.2.31
.Jul 14 10:02:22.948: TPLUS(00000561)/0/IDLE/822BBF80: got immediate connect on new 0
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE/822BBF80: Started 5 sec timeout
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE: wrote entire 36 bytes request
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:22.980: TPLUS(00000561)/0/822BBF80: Processing the reply packet
.Jul 14 10:02:22.984: TPLUS: Received authen response status GET_USER (7)
.Jul 14 10:02:24.707: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:24.711: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:24.711: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE: wrote entire 20 bytes request
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:24.759: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:24.759: TPLUS: Received authen response status GET_PASSWORD (8)
.Jul 14 10:02:26.097: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:26.097: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:26.097: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE: wrote entire 23 bytes request
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 6 bytes)
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 18 bytes response
.Jul 14 10:02:26.246: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:26.246: TPLUS: Received authen response status PASS (2)




0
Comment
Question by:TorgN
3 Comments
 
LVL 4

Assisted Solution

by:rage419
rage419 earned 250 total points
ID: 17107431
are you sure the router is using the source interface/ip that tacacs is expecting? Is that address routeable be both tacacs and the source router's perspective?

Failed logs can also be very helpful in seeing what is not jiving or if the attempt is valid at all.
0
 

Author Comment

by:TorgN
ID: 17107502
Yes, the router is using the source interface that tacacs is expecting, and yes it`s routable.

80.0.0.0/30 is subnetted, 1 subnets
c 80.x.x.x is directly connected, serial 0/0.17
r* 0.0.0.0/0 [120/5] via 80.x.x.y, 00:00:03, Serial0/0.17
....

ip tacacs source-interface serial0/0.17
0
 

Accepted Solution

by:
mcdougp earned 250 total points
ID: 17108289
What TACACS software and version is 10.160.2.31 using?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Short answer to this question: there is no effective WiFi manager in iOS devices as seen in Windows WiFi or Macbook OSx WiFi management, but this article will try and provide some amicable solutions to better suite your needs.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question