[nsp] TACACS / ACE Server timeouts
Clinton Work
clinton at scripty.com
Mon Jul 21 23:50:51 EDT 2003
I have seen this behavior under two conditions:
a) The network is seriously degraded and is having problems reaching the
TACACS server
b) The TACACS server is malfunctioning or slow to respond
I would enable the follow debug commands on one of your routers and while
the problem is happening.
debug tacacs events
debug aaa authentication
----- Original Message -----
From: "Streiner, Justin" <streiner at stargate.net>
To: <cisco-nsp at puck.nether.net>
Sent: Monday, July 21, 2003 4:43 PM
Subject: [nsp] TACACS / ACE Server timeouts
> We use TACACS to authenticate admin sessions into many network devices.
> The authentication is provided by an ACE server with SecurID hardware
> tokens for single-use password capabilities. If for some reason the ACE
> server is down, the router will fall back to locally configured passwords.
> >From time to time, a login session attempt to a device that authenticates
> this way will time out and fall back to the local password. Subsequent
> authentication requests such as the start of a new login session or
> enabling on an existing session will be authenticated by the ACE server
> normally.
>
More information about the cisco-nsp
mailing list