TorgN
asked on
Tacacs+ authentication problems.
I`ve got 2 routers (actually 500) . They are all configured with tacacs. and the configuration is exactly the same.
It is cisco 1700 with IOS version 12.3(2)XC2. When trying to login on Router 2 the tacacs works properly, but when I try to login on router 1 I can only login with password and enable password. There`s only 1 tacacs server. The credentials are the same on the tacacs-server. I need help !!
I did a debug on the routers, and here`s the output from both of them
router 1#
Jul 14 09:55:59.914: TPLUS: Queuing AAA Authentication request 16 for processing
Jul 14 09:55:59.914: TPLUS: processing authentication start request id 16
Jul 14 09:55:59.914: TPLUS: Authentication start packet created for 16()
Jul 14 09:55:59.914: TPLUS: Using server 10.160.2.31
Jul 14 09:55:59.914: TPLUS(00000010)/0/NB_WAIT/ 81FA3D80: Started 5 sec timeout
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/ 81FA3D80: timed out
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/ 81FA3D80: timed out, clean up
Jul 14 09:56:04.914: TPLUS(00000010)/0/81FA3D80 : Processing the reply packet
router 2#
.Jul 14 10:02:22.948: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:22.948: TPLUS: processing authentication start request id 1377
.Jul 14 10:02:22.948: TPLUS: Authentication start packet created for 1377()
.Jul 14 10:02:22.948: TPLUS: Using server 10.160.2.31
.Jul 14 10:02:22.948: TPLUS(00000561)/0/IDLE/822 BBF80: got immediate connect on new 0
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE/82 2BBF80: Started 5 sec timeout
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE: wrote entire 36 bytes request
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:22.980: TPLUS(00000561)/0/822BBF80 : Processing the reply packet
.Jul 14 10:02:22.984: TPLUS: Received authen response status GET_USER (7)
.Jul 14 10:02:24.707: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:24.711: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:24.711: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE/82 2B95C8: Started 5 sec timeout
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE: wrote entire 20 bytes request
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:24.759: TPLUS(00000561)/0/822B95C8 : Processing the reply packet
.Jul 14 10:02:24.759: TPLUS: Received authen response status GET_PASSWORD (8)
.Jul 14 10:02:26.097: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:26.097: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:26.097: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE/82 2B95C8: Started 5 sec timeout
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE: wrote entire 23 bytes request
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 6 bytes)
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 18 bytes response
.Jul 14 10:02:26.246: TPLUS(00000561)/0/822B95C8 : Processing the reply packet
.Jul 14 10:02:26.246: TPLUS: Received authen response status PASS (2)
It is cisco 1700 with IOS version 12.3(2)XC2. When trying to login on Router 2 the tacacs works properly, but when I try to login on router 1 I can only login with password and enable password. There`s only 1 tacacs server. The credentials are the same on the tacacs-server. I need help !!
I did a debug on the routers, and here`s the output from both of them
router 1#
Jul 14 09:55:59.914: TPLUS: Queuing AAA Authentication request 16 for processing
Jul 14 09:55:59.914: TPLUS: processing authentication start request id 16
Jul 14 09:55:59.914: TPLUS: Authentication start packet created for 16()
Jul 14 09:55:59.914: TPLUS: Using server 10.160.2.31
Jul 14 09:55:59.914: TPLUS(00000010)/0/NB_WAIT/
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/
Jul 14 09:56:04.914: TPLUS(00000010)/0/81FA3D80
router 2#
.Jul 14 10:02:22.948: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:22.948: TPLUS: processing authentication start request id 1377
.Jul 14 10:02:22.948: TPLUS: Authentication start packet created for 1377()
.Jul 14 10:02:22.948: TPLUS: Using server 10.160.2.31
.Jul 14 10:02:22.948: TPLUS(00000561)/0/IDLE/822
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE/82
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE: wrote entire 36 bytes request
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:22.980: TPLUS(00000561)/0/822BBF80
.Jul 14 10:02:22.984: TPLUS: Received authen response status GET_USER (7)
.Jul 14 10:02:24.707: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:24.711: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:24.711: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE/82
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE: wrote entire 20 bytes request
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:24.759: TPLUS(00000561)/0/822B95C8
.Jul 14 10:02:24.759: TPLUS: Received authen response status GET_PASSWORD (8)
.Jul 14 10:02:26.097: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:26.097: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:26.097: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE/82
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE: wrote entire 23 bytes request
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 6 bytes)
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 18 bytes response
.Jul 14 10:02:26.246: TPLUS(00000561)/0/822B95C8
.Jul 14 10:02:26.246: TPLUS: Received authen response status PASS (2)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
80.0.0.0/30 is subnetted, 1 subnets
c 80.x.x.x is directly connected, serial 0/0.17
r* 0.0.0.0/0 [120/5] via 80.x.x.y, 00:00:03, Serial0/0.17
....
ip tacacs source-interface serial0/0.17