Tacacs+ authentication problems.

I`ve got 2 routers (actually 500) . They are all configured with tacacs. and the configuration is exactly the same.
It is cisco 1700 with IOS version 12.3(2)XC2. When trying to login on Router 2 the tacacs works properly, but when I try to login on router 1 I can only login with password and enable password. There`s only 1 tacacs server. The credentials are the same on the tacacs-server. I need help !!

I did a debug on the routers, and here`s the output from both of them

router 1#
Jul 14 09:55:59.914: TPLUS: Queuing AAA Authentication request 16 for processing
Jul 14 09:55:59.914: TPLUS: processing authentication start request id 16
Jul 14 09:55:59.914: TPLUS: Authentication start packet created for 16()
Jul 14 09:55:59.914: TPLUS: Using server 10.160.2.31
Jul 14 09:55:59.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: Started 5 sec timeout
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out
Jul 14 09:56:04.914: TPLUS(00000010)/0/NB_WAIT/81FA3D80: timed out, clean up
Jul 14 09:56:04.914: TPLUS(00000010)/0/81FA3D80: Processing the reply packet

router 2#
.Jul 14 10:02:22.948: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:22.948: TPLUS: processing authentication start request id 1377
.Jul 14 10:02:22.948: TPLUS: Authentication start packet created for 1377()
.Jul 14 10:02:22.948: TPLUS: Using server 10.160.2.31
.Jul 14 10:02:22.948: TPLUS(00000561)/0/IDLE/822BBF80: got immediate connect on new 0
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE/822BBF80: Started 5 sec timeout
.Jul 14 10:02:22.952: TPLUS(00000561)/0/WRITE: wrote entire 36 bytes request
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:22.980: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:22.980: TPLUS(00000561)/0/822BBF80: Processing the reply packet
.Jul 14 10:02:22.984: TPLUS: Received authen response status GET_USER (7)
.Jul 14 10:02:24.707: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:24.711: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:24.711: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:24.711: TPLUS(00000561)/0/WRITE: wrote entire 20 bytes request
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 16 bytes)
.Jul 14 10:02:24.759: TPLUS(00000561)/0/READ: read entire 28 bytes response
.Jul 14 10:02:24.759: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:24.759: TPLUS: Received authen response status GET_PASSWORD (8)
.Jul 14 10:02:26.097: TPLUS: Queuing AAA Authentication request 1377 for processing
.Jul 14 10:02:26.097: TPLUS: processing authentication continue request id 1377
.Jul 14 10:02:26.097: TPLUS: Authentication continue packet generated for 1377
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE/822B95C8: Started 5 sec timeout
.Jul 14 10:02:26.101: TPLUS(00000561)/0/WRITE: wrote entire 23 bytes request
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 12 header bytes (expect 6 bytes)
.Jul 14 10:02:26.246: TPLUS(00000561)/0/READ: read entire 18 bytes response
.Jul 14 10:02:26.246: TPLUS(00000561)/0/822B95C8: Processing the reply packet
.Jul 14 10:02:26.246: TPLUS: Received authen response status PASS (2)




TorgNAsked:
Who is Participating?
 
mcdougpConnect With a Mentor Commented:
What TACACS software and version is 10.160.2.31 using?
0
 
rage419Connect With a Mentor Commented:
are you sure the router is using the source interface/ip that tacacs is expecting? Is that address routeable be both tacacs and the source router's perspective?

Failed logs can also be very helpful in seeing what is not jiving or if the attempt is valid at all.
0
 
TorgNAuthor Commented:
Yes, the router is using the source interface that tacacs is expecting, and yes it`s routable.

80.0.0.0/30 is subnetted, 1 subnets
c 80.x.x.x is directly connected, serial 0/0.17
r* 0.0.0.0/0 [120/5] via 80.x.x.y, 00:00:03, Serial0/0.17
....

ip tacacs source-interface serial0/0.17
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.