GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: ACS TACACS+ [7:131970] posted 07/17/2008
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Thanks for clearing my brain....it was the source address. 

-----Original Message-----
From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf Of
Adrian Brayton
Sent: Wednesday, July 16, 2008 6:30 PM
To: cisco@xxxxxxxxxxxxxx
Subject: Re: ACS TACACS+ [7:131970]

If you do use a loopback, which I recommend dont forget to add this
command!

router(config)# ip tacacs source-interface loopback 0

Good luck!


On Jul 16, 2008, at 7:19 PM, Josh Warcop wrote:

> Also - If you're unsure what interface to source from, create and use 
> a loopback.
>
> Joshua Warcop
> Network Engineer
>
>
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf 
> Of Michael Witte
> Sent: Wednesday, July 16, 2008 7:08 PM
> To: cisco@xxxxxxxxxxxxxx
> Subject: RE: ACS TACACS+ [7:131970]
>
> Yep and you should see an error in ACS saying something like unknown 
> host.
>
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx] On Behalf 
> Of James Willard
> Sent: Wednesday, July 16, 2008 6:03 PM
> To: cisco@xxxxxxxxxxxxxx
> Subject: RE: ACS TACACS+ [7:131970]
>
> Check your "ip tacacs source-interface" on the switches. If it does 
> not match with the IP address you have configured in ACS, you will get

> a failure such as this.
>
>
> James
>
>
> -----Original Message-----
> From: nobody@xxxxxxxxxxxxxx [mailto:nobody@xxxxxxxxxxxxxx]
> Sent: Wednesday, July 16, 2008 5:55 PM
> To: cisco@xxxxxxxxxxxxxx
> Subject: ACS TACACS+ [7:131970]
>
> I am using ACS 4.0 and cannot seem to get a 6513 or 3560 to 
> authenticate.  I can ping the ACS from each and when I debug it I get 
> whats listed.
>
> I have checked multiple times the key string on both sides.
>
> Any help would be appreciated.
>
> Jul 16 16:41:34.387: TAC+: Using default tacacs server-group "MB-AAA"
> list.
> Jul 16 16:41:34.387: TAC+: Opening TCP/IP to IP ADDRESS/49 timeout=5 
> Jul 16 16:41:34.391: TAC+: Opened TCP/IP handle 0x4570A858 to
> 172.30.1.110/49
> Jul 16 16:41:34.391: TAC+: IP ADRESS (3508795005) ACCT/REQUEST/STOP 
> queued Jul 16 16:41:34.491: TAC+: (3508795005) ACCT/REQUEST/STOP 
> processed Jul 16 16:41:34.491: TAC+: received bad ACCT packet: type = 
> 0, expected
> 3
> Jul 16 16:41:34.491: TAC+: Invalid ACCT/REQUEST/STOP packet (check 
> keys).
> Jul 16 16:41:34.491: TAC+: Closing TCP/IP 0x4570A858 connection to IP 
> ADDRESS The information transmitted is intended solely for the 
> individual or entity to which it is addressed and may contain 
> confidential and/or privileged material. Any review, retransmission, 
> dissemination or other use of or taking action in reliance upon this 
> information by persons or entities other than the intended recipient 
> is prohibited. If you have received this email in error please contact

> the sender and delete the material from any computer.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=131977&t=131970
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html