From: V Shekhar (vshekhar25@yahoo.com)
Date: Wed Jan 10 2007 - 02:01:17 ART
This might be a very basic issue but I am stuck here; any inputs welcome.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aaa new-model
!
!
aaa authentication login VTY_AUTH group tacacs+
aaa accounting exec default start-stop group tacacs+
aaa session-id common
tacacs-server host x.x.x.x key CISCO
tacacs-server directed-request
line vty 0 4
login authentication VTY_AUTH
transport input telnet ssh
transport output none
++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Now when I telnet to this router I do not get prompted for a username and password at all.
Instead I get this.
R6#telnet 150.1.5.5
Trying 150.1.5.5 ... Open
% Authentication failed.
% Authentication failed.
% Authentication failed.
[Connection to 150.1.5.5 closed by foreign host]
On the other hand, on the ACS (TACACS server) I cannot see anything in passed or failed auth attempts.
(Yes, I have enabled passed auth logging on ACS.)
The only time I see a log on ACS is when I have not configured the router as an authorized NAS in ACS.
I can see TCP port 49 packets via a sniffer reaching the ACS and the ACS responding back.
I have an ASA in between the router and the ACS; the ACLs on the router show hits against the ACL which allows TACACS.
Thanx,
-sHekHar.
CCSP/CISSP/RHCE.
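
Added example, not part of the original post: the message mentions TCP port 49 packets seen on a sniffer, and this Python check takes one captured TACACS+ authentication packet and tests whether a candidate shared key (such as the `key CISCO` value in the configuration above) deobfuscates it to a well-formed body, following RFC 8907. The sample packet, its port name and remote address are constructed, and all function names are this example's own.

```python
import hashlib
import struct

HDR = "!BBBB4sI"  # version, type, seq_no, flags, session_id, body length (12 bytes)

def pseudo_pad(session_id, key, version, seq_no, length):
    """RFC 8907 pad: MD5 blocks chained over session_id + key + version + seq_no."""
    seed = session_id + key + bytes([version, seq_no])
    pad, block = b"", b""
    while len(pad) < length:
        block = hashlib.md5(seed + block).digest()
        pad += block
    return pad[:length]

def xor_body(packet, key):
    """Obfuscate or deobfuscate the body (the XOR is its own inverse)."""
    version, _, seq_no, flags, session_id, length = struct.unpack(HDR, packet[:12])
    body = packet[12:12 + length]
    if flags & 0x01:  # TAC_PLUS_UNENCRYPTED_FLAG: body is already cleartext
        return body
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(a ^ b for a, b in zip(body, pad))

def key_matches(packet, key):
    """Heuristic: with the right key the declared field lengths add up exactly."""
    _, ptype, seq_no, _, _, length = struct.unpack(HDR, packet[:12])
    body = xor_body(packet, key)
    if ptype != 1 or len(body) != length:  # type 1 = authentication
        raise ValueError("not a complete TACACS+ authentication packet")
    if seq_no == 1:  # START: 8 fixed bytes, then user, port, rem_addr, data
        return length >= 8 and 8 + sum(body[4:8]) == length
    if seq_no % 2 == 0:  # REPLY: status, flags, server_msg_len(2), data_len(2)
        if length < 6:
            return False
        msg_len, data_len = struct.unpack("!HH", body[2:6])
        return 6 + msg_len + data_len == length
    raise ValueError("CONTINUE packets are not handled here")

def build_start(key, session_id, user=b"", port=b"tty2", rem_addr=b"198.51.100.6"):
    """Constructed sample: an ASCII login START as a NAS would send it."""
    body = bytes([1, 1, 1, 1, len(user), len(port), len(rem_addr), 0])
    body += user + port + rem_addr
    hdr = struct.pack(HDR, 0xC0, 1, 1, 0, session_id, len(body))
    return hdr + xor_body(hdr + body, key)

if __name__ == "__main__":
    pkt = build_start(b"CISCO", b"\x12\x34\x56\x78")
    for candidate in (b"CISCO", b"cisco"):
        print(candidate, "->", key_matches(pkt, candidate))
```

To use it on real traffic, pass the TCP payload of a single captured packet (header plus body) as `packet`; a `False` result for the configured key means the two ends are not using the same secret.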