• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1706
  • Last Modified:

Tacacs+ authentication problems.

I`ve got 2 routers (actually 500) . They are all configured with tacacs. and the configuration is exactly the same.
It is cisco 1700 with IOS version 12.3(2)XC2. When trying to login on Router 2 the tacacs works properly, but when I try to login on router 1 I can only login with password and enable password. There`s only 1 tacacs server. The credentials are the same on the tacacs-server. I need help !!

I did a debug on the routers, and here`s the output from both of them

router 1#
Jul 14 09:55:59.914: TPLUS: Queuing AAA Authentication request 16 for processing
Jul 14 09:55:59.914: TPLUS: processing authentication start request id 16
Jul 14 09:55:59.914: TPLUS: Authentication start packet created for 16()
Jul 14 09:55:59.914: TPLUS: Using server 10.160.2.31
Jul 14 09:55:59.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: Started 5 sec timeout
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out, clean up
Jul 14 09:56:04.914: TPLUS(00000010)/0/81FA3D80: Processing the reply packet

router 2#
.Jul 14 10:02:22.948: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:22.948: TPLUS: processing authentication start request id 1377
.Jul 14 10:02:22.948: TPLUS: Authentication start packet created for 1377()
.Jul 14 10:02:22.948: TPLUS: Using server 10.160.2.31
.Jul 14 10:02:22.948: TPLUS(00000561)/0/IDLE/822BBF80: got immediate connect on new 0
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE/822BBF80: Started 5 sec timeout
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE: wrote entire 36 bytes request
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:22.980: TPLUS(00000561)/0/822BBF80: Processing the reply packet
.Jul 14 10:02:22.984: TPLUS: Received authen response status GET_USER (7)
.Jul 14 10:02:24.707: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:24.711: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:24.711: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE: wrote entire 20 bytes request
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:24.759: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:24.759: TPLUS: Received authen response status GET_PASSWORD (8)
.Jul 14 10:02:26.097: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:26.097: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:26.097: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE: wrote entire 23 bytes request
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 6 bytes)
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 18 bytes response
.Jul 14 10:02:26.246: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:26.246: TPLUS: Received authen response status PASS (2)




0
TorgN
Asked:
TorgN
2 Solutions
 
rage419Commented:
are you sure the router is using the source interface/ip that tacacs is expecting? Is that address routeable be both tacacs and the source router's perspective?

Failed logs can also be very helpful in seeing what is not jiving or if the attempt is valid at all.
0
 
TorgNAuthor Commented:
Yes, the router is using the source interface that tacacs is expecting, and yes it`s routable.

80.0.0.0/30 is subnetted, 1 subnets
c 80.x.x.x is directly connected, serial 0/0.17
r* 0.0.0.0/0 [120/5] via 80.x.x.y, 00:00:03, Serial0/0.17
....

ip tacacs source-interface serial0/0.17
0
 
mcdougpCommented:
What TACACS software and version is 10.160.2.31 using?
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now